Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" (https://www.trojaner-board.de/112171-virus-windows-sicherheitsgruenden-blockiert-bezahlen-runterladen.html)

Heinrichter 23.03.2012 15:10
Virus - "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen"
 
Hallo Liebe Freunde,
Ich bin neu hier und wollte um eure Hilfe bitten. Ich hab schon einige Threads zu meinem Problem gefunden, aber man soll sein eigenes erstellen. Naja ich fang mal an. Ich war heute in einer Internet Seite ein Video gucken dann kam die Meldung "Ihr Windows System wurde aus Sicherheitsgründen blockiert" "Bezahlen und Runterladen" und man konnte da nicht raus. Jetzt wollte ich euch bitten mir zu erklären was ich da machen muss, achja ich bin manchmal leider schwer von Begriff und kenn mich mit den Sachen hier nur mäßig aus, also bitte hilft mir. Mein Tag ist versaut:(

Extras.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23.03.2012 14:26:03 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Koc\Documents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 87,61% Memory free
15,00 Gb Paging File | 14,28 Gb Available in Paging File | 95,23% Paging File free
Paging file location(s): c:\pagefile.sys 9214 9214 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,79 Gb Total Space | 349,48 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive D: | 14,28 Gb Total Space | 2,51 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 277,78 Gb Free Space | 46,59% Space Free | Partition Type: NTFS
 
Computer Name: KOC-PC | User Name: Koc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{2DB39FB6-161E-44E7-B2A1-B654C85EFBC1}" = MySQL Server 5.5
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardwarediagnosetools
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.44 by Dormine
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91591AEF-F2AB-45DF-9BAA-4288B5EC8032}" = Tt eSPORTS Challenger Pro
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEDE732-24D7-468A-AB10-DC5D088C04D3}" = DDBAC
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBA46D83-6DDE-4332-A29A-10F9553C9F06}" = EMS SQL Query 2010 for MySQL
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Afterburner" = MSI Afterburner 2.1.0
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"facemoods" = facemoods
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MySSID_is1" = EXPERTool 7.20
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PriceGong" = PriceGong 2.5.1
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"Kies Air Discovery Service" = Kies Air Discovery Service
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2012 12:56:18 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 12:56:25 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 12:56:26 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 12:56:28 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 12:56:38 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.03.2012 13:31:56 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 22.03.2012 11:04:17 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.03.2012 01:57:44 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.03.2012 08:46:23 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.03.2012 09:15:09 | Computer Name = Koc-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Hewlett-Packard Events ]
Error - 01.11.2011 11:42:10 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
Error - 01.11.2011 11:42:11 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
Error - 01.11.2011 11:42:11 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description =
 
Error - 15.11.2011 09:32:38 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
Error - 15.11.2011 09:32:38 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
Error - 27.12.2011 09:44:46 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
Error - 27.12.2011 09:44:47 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
Error - 14.02.2012 11:55:51 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
Error - 14.02.2012 11:55:52 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
Error - 06.03.2012 12:10:38 | Computer Name = Koc-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a(Object
 A_0, EventArgs A_1)
 
[ OSession Events ]
Error - 05.12.2010 10:51:28 | Computer Name = Koc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2552
 seconds with 2400 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.03.2012 09:20:46 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:22:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:22:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:22:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:27:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:27:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:27:28 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:29:36 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:29:36 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 23.03.2012 09:29:36 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >
--- --- ---

otl.txt
OTL Logfile:
Code:
OTL logfile created on: 23.03.2012 14:26:03 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Koc\Documents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 87,61% Memory free
15,00 Gb Paging File | 14,28 Gb Available in Paging File | 95,23% Paging File free
Paging file location(s): c:\pagefile.sys 9214 9214 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,79 Gb Total Space | 349,48 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive D: | 14,28 Gb Total Space | 2,51 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 277,78 Gb Free Space | 46,59% Space Free | Partition Type: NTFS
 
Computer Name: KOC-PC | User Name: Koc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.23 14:24:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.03 20:12:04 | 009,619,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.03.21 13:32:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.10 20:57:30 | 003,340,064 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:53 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.05 19:31:17 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.07.18 21:35:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 19:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.11.12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.31 08:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 08:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.11.24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 09:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.07 13:34:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.07 13:34:45 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.31 23:48:10 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.19 17:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}
IE:64bit: - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=5453387e00000000000090e6ba6515c1
IE - HKCU\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
IE - HKCU\..\SearchScopes\{B4BE5E59-3B3E-4FFD-BC3F-D6AB1DC7838F}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111044,16981,0,22,0"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=110000&babsrc=adbartrp&mntrId=5453387e00000000000090e6ba6515c1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Koc\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 13:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.14 10:44:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 13:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.14 10:44:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Koc\Program Files (x86)\DNA [2011.11.05 19:53:26 | 000,000,000 | ---D | M]
 
[2010.02.01 12:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Extensions
[2012.03.10 23:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions
[2011.10.19 17:57:23 | 000,000,000 | ---D | M] (DDBAC) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2011.10.14 13:06:25 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010.06.02 18:26:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.12 10:51:21 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\toolbar@ask.com
[2010.02.04 00:05:30 | 000,002,163 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\bing.xml
[2010.01.12 15:26:12 | 000,000,941 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\conduit.xml
[2011.10.14 13:06:07 | 000,003,915 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\sweetim.xml
[2012.02.22 21:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\KOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HHENO98.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.20 13:44:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.22 21:31:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.25 15:14:05 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.22 21:31:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.22 21:31:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.28 17:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012.02.22 21:31:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 21:31:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 21:31:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.18 16:19:00 | 000,001,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1      orbitservice.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ChallengerPro] C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe (Chicony)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [{1D0A50C5-0A46-11DF-8BA7-806E6F6E6963}] C:\Users\Koc\AppData\Roaming\Microsoft\newsrdr.exe (the VideoLAN Team)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Koc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: olb.de ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBF891A-96DD-4D2F-9DEB-58A1ECE03F8D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cc69dd07-0eba-11df-a591-90e6ba6515c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cc69dd07-0eba-11df-a591-90e6ba6515c1}\Shell\AutoRun\command - "" = K:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.23 14:24:03 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
[2012.03.23 06:58:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2CB59A15-9B96-4C3C-B9DA-97DEB293706A}
[2012.03.23 06:58:01 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{46FBFB16-EB0B-4FF2-B359-DBA2C9524E01}
[2012.03.21 07:16:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B2BB6F2C-E1C3-4734-A2D7-8E4E61D59A30}
[2012.03.21 07:16:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2E9D5AA7-D0B8-4989-9D16-5E6373472999}
[2012.03.20 07:01:00 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3A42C2AA-708D-4DE5-B6D3-0CFBF0BE81C2}
[2012.03.20 07:00:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{D7749010-F33C-47BB-805B-7C3968315DDD}
[2012.03.19 07:30:01 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3B662F78-6D85-4E91-9637-D294E0B6C41B}
[2012.03.19 07:29:50 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5CDB5B73-1017-4A66-A883-CD44304B007D}
[2012.03.18 11:49:30 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{DFF64290-0598-4D58-ABC1-253BF07F5137}
[2012.03.18 11:49:19 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B81C251A-5F66-4BA4-AEA7-F54087FA2FF2}
[2012.03.17 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{E9258F6D-F815-4C6D-BBF8-45CE8E204A50}
[2012.03.17 22:50:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{D7DC526C-4844-4D47-9734-850E773E245D}
[2012.03.17 08:21:31 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{37940648-A346-40B4-A83F-406D5D6B8688}
[2012.03.17 08:21:20 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{15120BE7-24DF-4C5D-9332-8A7C7A6F3337}
[2012.03.16 06:58:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{F4E5FD0B-45DC-43D2-910C-1E0472DA72CA}
[2012.03.16 06:58:21 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0D3C03DA-C69D-44CE-9653-A8AC33514A1D}
[2012.03.15 06:24:21 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{12B4DB6A-117A-45F6-BED5-C4582A4D945D}
[2012.03.15 06:24:10 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{8E02982A-16EE-4B43-8013-E6311434ED93}
[2012.03.14 13:23:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{869AD0B9-1A4B-4B2F-A348-F45FCA7DBA15}
[2012.03.14 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B90EFAF9-4590-49E6-B6AB-3433BEEA44E8}
[2012.03.13 06:45:54 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5EA971FA-4049-404E-A5E2-B80A949CEF32}
[2012.03.13 06:45:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EAC6E2BC-7D83-41A4-8A81-56CC6AEF0037}
[2012.03.12 06:45:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{E4840277-5EFA-4B8E-84E2-882AC616C02F}
[2012.03.12 06:45:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{189E10DF-7726-4D15-8C46-D7ABB4657BA9}
[2012.03.11 11:15:25 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{21890387-EB44-4828-AA65-03033AB929C5}
[2012.03.11 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{BF498C1B-379E-4438-9773-BE346C484A4D}
[2012.03.10 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{9B78DBBD-A58B-4353-A684-2E6693EC3A07}
[2012.03.10 11:27:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3645D781-8361-4BDF-8541-8D8E93A01582}
[2012.03.09 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0428779E-8B04-40B8-874D-2B601201DB74}
[2012.03.09 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{7083B940-C92A-4CAA-8F43-DBFE94425C97}
[2012.03.09 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{8E93D105-7E25-49BD-8E71-B9EE6E2AC54A}
[2012.03.09 08:09:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{75D7A1A8-A7F3-46E3-8BAA-DF36870836FC}
[2012.03.08 07:28:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{38DD7A48-2129-4018-8834-73515EBF1C80}
[2012.03.08 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{003B6C1A-B213-416F-A172-377913A3A34B}
[2012.03.07 15:34:16 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{F1AF3298-1B1E-42A3-9A05-4AA521A66702}
[2012.03.07 15:34:06 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{408C0D5A-6B18-4FF6-9D51-D8693796A9FB}
[2012.03.06 13:29:50 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{4B340039-B14B-4F63-B8F0-9879707983C8}
[2012.03.06 13:29:40 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3447D83A-A379-4468-AC17-692FAC8E7285}
[2012.03.05 13:33:51 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{C5688367-D23D-40B2-B735-021AC709E9EF}
[2012.03.05 13:33:39 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{40293C7B-9B6F-478E-8DBC-4A5B2605E53F}
[2012.03.04 13:04:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{035D35FB-E1BF-4322-AA90-2876490F5169}
[2012.03.04 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5A210FE0-01EC-46FF-9808-A59D4CB7664C}
[2012.03.04 12:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.03.03 09:07:17 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B1BF5AD6-4459-4926-801A-7B8D403EB2AD}
[2012.03.03 09:07:07 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{9CA9FADF-F4A5-47A5-906C-6575FD62ADE2}
[2012.03.02 06:50:48 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{1BBD3B26-E1EC-4CE7-9247-4EC6A38F9B17}
[2012.03.02 06:50:38 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{36E5AF48-1C93-42AB-94AC-8B2D129A76D9}
[2012.03.01 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{77F7B208-6095-4824-AEAB-8FEBCD870174}
[2012.03.01 06:59:53 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{389DCF49-2166-48AD-AB02-F404549E7EE5}
[2012.02.29 13:20:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{4FD698CB-3753-4529-9AB2-EA6459AB479D}
[2012.02.29 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{40CBFE62-A22C-4015-B231-D3EBE5F05E21}
[2012.02.28 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{6E24C06B-D188-41C6-8F6E-A4E6C8A46CE0}
[2012.02.28 19:29:33 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{50C7176A-360C-4143-984C-DDE97398B06F}
[2012.02.28 07:28:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EEDDA2B5-C103-4AD3-8DD5-B9E689A4851E}
[2012.02.28 07:28:40 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{30C033DC-D93F-49D1-B3A1-09FED3366F68}
[2012.02.27 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{83EF20B7-5BFC-4D66-B20D-AA570E7C8F9C}
[2012.02.27 18:40:51 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{519F1C82-6828-43C8-8562-AD711DE9668D}
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Beschleunigen
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.02.27 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.02.27 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2012.02.27 06:40:25 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{43FFDA3E-3943-4A48-812A-20AEE9427C40}
[2012.02.27 06:40:15 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2B762216-AD84-40EE-978B-4B09DB238728}
[2012.02.26 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5E50EC1C-A3AD-4299-89B4-9BF6B82D81A2}
[2012.02.26 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EE63B937-EB71-443D-B8BB-1C1A605322EA}
[2012.02.25 15:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.25 09:05:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0B465A1A-8C44-4D20-A189-8432D30659E8}
[2012.02.25 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B0EF51DC-89F0-4271-974B-8536AE0426DA}
[2012.02.24 07:50:09 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{A86C5033-90EA-4985-B102-4011E28C91C0}
[2012.02.24 07:49:58 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B97683E3-9789-451B-B07E-9303B593189C}
[2012.02.23 08:10:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{70A0A887-C5F9-429A-BAA7-BDC2D4ADFC13}
[2012.02.23 08:10:36 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{FEA3E3C6-CA95-41A4-BF6F-93E118093A66}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.23 14:24:29 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.23 14:24:29 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.23 14:24:29 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.23 14:24:29 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.23 14:24:29 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.23 14:24:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
[2012.03.23 14:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.23 14:20:08 | 536,268,799 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.23 14:14:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012.03.23 13:53:14 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 13:53:14 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 18:23:52 | 000,307,650 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\OpenDocument Text (neu) (2).odt
[2012.03.20 14:24:57 | 001,619,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.14 15:59:32 | 003,309,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.10 23:13:53 | 000,000,600 | ---- | M] () -- C:\Users\Koc\PUTTY.RND
[2012.03.04 12:42:57 | 000,002,003 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\JDownloader.lnk
[2012.02.26 19:18:30 | 000,005,176 | ---- | M] () -- C:\Users\Koc\.TransferManager.db
[2012.02.25 15:14:10 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.25 14:49:06 | 000,002,003 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Kies Air Discovery Service.lnk
[2012.02.25 14:41:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.02.22 20:26:15 | 000,001,302 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Free YouTube Download.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.10 18:09:38 | 000,000,600 | ---- | C] () -- C:\Users\Koc\PUTTY.RND
[2012.03.04 12:42:57 | 000,002,003 | ---- | C] () -- C:\Users\Koc\Documents\Desktop\JDownloader.lnk
[2012.03.04 12:42:54 | 000,001,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.03.04 12:42:54 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.03.04 12:42:54 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.02.26 18:57:36 | 000,005,176 | ---- | C] () -- C:\Users\Koc\.TransferManager.db
[2012.02.25 15:14:10 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.25 14:49:06 | 000,002,003 | ---- | C] () -- C:\Users\Koc\Documents\Desktop\Kies Air Discovery Service.lnk
[2012.02.25 14:41:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.02.12 18:46:11 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.02 08:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.11.24 13:06:46 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.08.16 09:11:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.07.05 19:53:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.04.28 14:27:37 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2011.10.12 18:29:25 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\.minecraft
[2010.09.19 13:08:32 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Azureus
[2011.10.25 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Babylon
[2010.02.01 12:16:19 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DataDesign
[2010.05.22 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Dev-Cpp
[2011.11.05 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DNA
[2012.02.22 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoft
[2011.04.13 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.16 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\EPSON
[2010.11.01 12:01:35 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GetRightToGo
[2010.07.14 20:39:31 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GMX
[2011.03.26 14:16:50 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\gtk-2.0
[2010.07.09 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Leadertech
[2011.07.11 15:02:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Need for Speed World
[2012.02.27 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2010.04.18 12:32:59 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenOffice.org
[2012.02.27 21:47:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.01.05 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Origin
[2012.02.27 18:19:44 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2010.02.22 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Sports Interactive
[2010.02.03 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Steganos
[2011.10.15 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\The Creative Assembly
[2010.11.27 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\TubeBox
[2010.03.16 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Ubisoft
[2010.02.16 23:12:55 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Uniblue
[2010.01.30 12:34:56 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WildTangent
[2010.02.01 18:58:43 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WinBatch
[2010.01.30 12:35:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\_MDLogs
[2012.03.23 14:14:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012.01.31 12:46:29 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.03.09 13:23:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.03.22 18:45:10 | 000,000,000 | ---D | M](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪
[2010.02.06 00:09:05 | 000,000,000 | ---D | C](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪

< End of report >
--- --- ---

hab ich das richtig gemacht??^^

Heinrichter 23.03.2012 15:39
Nein das ist das Richtige mit den Benutzerdefinierten Dingern
OTL Logfile:
Code:
OTL logfile created on: 23.03.2012 15:22:54 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Koc\Documents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,93 Gb Available Physical Memory | 82,16% Memory free
15,00 Gb Paging File | 14,04 Gb Available in Paging File | 93,61% Paging File free
Paging file location(s): c:\pagefile.sys 9214 9214 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,79 Gb Total Space | 348,78 Gb Free Space | 59,95% Space Free | Partition Type: NTFS
Drive D: | 14,28 Gb Total Space | 2,51 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 277,78 Gb Free Space | 46,59% Space Free | Partition Type: NTFS
 
Computer Name: KOC-PC | User Name: Koc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.23 15:04:21 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.03.23 14:24:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
PRC - [2012.01.31 08:55:52 | 000,492,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.23 15:04:21 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.01.31 08:56:07 | 000,398,288 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.03 20:12:04 | 009,619,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.03.23 15:04:22 | 000,909,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2012.03.21 13:32:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.10 20:57:30 | 003,340,064 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:53 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.05 19:31:17 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.07.18 21:35:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 19:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.11.12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.31 08:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 08:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.11.24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.10.07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.07.11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 09:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.07 13:34:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.07 13:34:45 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.31 23:48:10 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.19 17:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}
IE:64bit: - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=5453387e00000000000090e6ba6515c1
IE - HKCU\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={45AF05C8-ED7B-41DD-878B-6DEDC97FA553}&mid=43b40588aaf347d0a03c41affc81fc32-450bf629469fd1682f1cead1d522c8d33fd0288f&lang=de&ds=AVG&pr=fr&d=2012-03-23 15:04:23&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
IE - HKCU\..\SearchScopes\{B4BE5E59-3B3E-4FFD-BC3F-D6AB1DC7838F}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111044,16981,0,22,0"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=110000&babsrc=adbartrp&mntrId=5453387e00000000000090e6ba6515c1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Koc\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.03.23 15:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.03.23 15:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 13:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.14 10:44:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 13:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.14 10:44:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Koc\Program Files (x86)\DNA [2011.11.05 19:53:26 | 000,000,000 | ---D | M]
 
[2010.02.01 12:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Extensions
[2012.03.10 23:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions
[2011.10.19 17:57:23 | 000,000,000 | ---D | M] (DDBAC) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2011.10.14 13:06:25 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010.06.02 18:26:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.12 10:51:21 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\extensions\toolbar@ask.com
[2010.02.04 00:05:30 | 000,002,163 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\bing.xml
[2010.01.12 15:26:12 | 000,000,941 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\conduit.xml
[2011.10.14 13:06:07 | 000,003,915 | ---- | M] () -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\searchplugins\sweetim.xml
[2012.02.22 21:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\KOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HHENO98.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.20 13:44:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.22 21:31:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.23 15:04:20 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.25 15:14:05 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.22 21:31:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.22 21:31:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.28 17:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012.02.22 21:31:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 21:31:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 21:31:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.18 16:19:00 | 000,001,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1      orbitservice.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit-savegames.s3.amazonaws.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ChallengerPro] C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe (Chicony)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [{1D0A50C5-0A46-11DF-8BA7-806E6F6E6963}] C:\Users\Koc\AppData\Roaming\Microsoft\newsrdr.exe (the VideoLAN Team)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Koc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: olb.de ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBF891A-96DD-4D2F-9DEB-58A1ECE03F8D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cc69dd07-0eba-11df-a591-90e6ba6515c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cc69dd07-0eba-11df-a591-90e6ba6515c1}\Shell\AutoRun\command - "" = K:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4732DEB2-7C6F-40F6-10F6-3F425E33C220} - Internet Explorer
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5A525B7A-82D3-214A-CBA5-E92CE1399C60} - Browser Customizations
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4680B4F0-DCE8-84ED-F9B5-06775D2FB1EE} - Internet Explorer
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^Users^Koc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\Koc\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= - C:\Program Files (x86)\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe (facemoods.com)
MsConfig:64bit - StartUpReg: GAINWARD - hkey= - key= - C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
MsConfig:64bit - StartUpReg: GMX_GMX MultiMessenger - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.23 15:11:22 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\AVG2012
[2012.03.23 15:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012.03.23 15:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.03.23 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.03.23 15:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.03.23 15:04:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.03.23 15:03:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.03.23 15:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.03.23 15:03:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.03.23 15:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.03.23 14:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.03.23 14:24:03 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
[2012.03.23 06:58:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2CB59A15-9B96-4C3C-B9DA-97DEB293706A}
[2012.03.23 06:58:01 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{46FBFB16-EB0B-4FF2-B359-DBA2C9524E01}
[2012.03.21 07:16:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B2BB6F2C-E1C3-4734-A2D7-8E4E61D59A30}
[2012.03.21 07:16:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2E9D5AA7-D0B8-4989-9D16-5E6373472999}
[2012.03.20 07:01:00 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3A42C2AA-708D-4DE5-B6D3-0CFBF0BE81C2}
[2012.03.20 07:00:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{D7749010-F33C-47BB-805B-7C3968315DDD}
[2012.03.19 07:30:01 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3B662F78-6D85-4E91-9637-D294E0B6C41B}
[2012.03.19 07:29:50 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5CDB5B73-1017-4A66-A883-CD44304B007D}
[2012.03.18 11:49:30 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{DFF64290-0598-4D58-ABC1-253BF07F5137}
[2012.03.18 11:49:19 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B81C251A-5F66-4BA4-AEA7-F54087FA2FF2}
[2012.03.17 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{E9258F6D-F815-4C6D-BBF8-45CE8E204A50}
[2012.03.17 22:50:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{D7DC526C-4844-4D47-9734-850E773E245D}
[2012.03.17 08:21:31 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{37940648-A346-40B4-A83F-406D5D6B8688}
[2012.03.17 08:21:20 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{15120BE7-24DF-4C5D-9332-8A7C7A6F3337}
[2012.03.16 06:58:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{F4E5FD0B-45DC-43D2-910C-1E0472DA72CA}
[2012.03.16 06:58:21 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0D3C03DA-C69D-44CE-9653-A8AC33514A1D}
[2012.03.15 06:24:21 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{12B4DB6A-117A-45F6-BED5-C4582A4D945D}
[2012.03.15 06:24:10 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{8E02982A-16EE-4B43-8013-E6311434ED93}
[2012.03.14 13:23:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{869AD0B9-1A4B-4B2F-A348-F45FCA7DBA15}
[2012.03.14 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B90EFAF9-4590-49E6-B6AB-3433BEEA44E8}
[2012.03.13 06:45:54 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5EA971FA-4049-404E-A5E2-B80A949CEF32}
[2012.03.13 06:45:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EAC6E2BC-7D83-41A4-8A81-56CC6AEF0037}
[2012.03.12 06:45:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{E4840277-5EFA-4B8E-84E2-882AC616C02F}
[2012.03.12 06:45:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{189E10DF-7726-4D15-8C46-D7ABB4657BA9}
[2012.03.11 11:15:25 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{21890387-EB44-4828-AA65-03033AB929C5}
[2012.03.11 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{BF498C1B-379E-4438-9773-BE346C484A4D}
[2012.03.10 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{9B78DBBD-A58B-4353-A684-2E6693EC3A07}
[2012.03.10 11:27:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3645D781-8361-4BDF-8541-8D8E93A01582}
[2012.03.09 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0428779E-8B04-40B8-874D-2B601201DB74}
[2012.03.09 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{7083B940-C92A-4CAA-8F43-DBFE94425C97}
[2012.03.09 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{8E93D105-7E25-49BD-8E71-B9EE6E2AC54A}
[2012.03.09 08:09:24 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{75D7A1A8-A7F3-46E3-8BAA-DF36870836FC}
[2012.03.08 07:28:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{38DD7A48-2129-4018-8834-73515EBF1C80}
[2012.03.08 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{003B6C1A-B213-416F-A172-377913A3A34B}
[2012.03.07 15:34:16 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{F1AF3298-1B1E-42A3-9A05-4AA521A66702}
[2012.03.07 15:34:06 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{408C0D5A-6B18-4FF6-9D51-D8693796A9FB}
[2012.03.06 13:29:50 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{4B340039-B14B-4F63-B8F0-9879707983C8}
[2012.03.06 13:29:40 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{3447D83A-A379-4468-AC17-692FAC8E7285}
[2012.03.05 13:33:51 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{C5688367-D23D-40B2-B735-021AC709E9EF}
[2012.03.05 13:33:39 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{40293C7B-9B6F-478E-8DBC-4A5B2605E53F}
[2012.03.04 13:04:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{035D35FB-E1BF-4322-AA90-2876490F5169}
[2012.03.04 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5A210FE0-01EC-46FF-9808-A59D4CB7664C}
[2012.03.04 12:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.03.03 09:07:17 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B1BF5AD6-4459-4926-801A-7B8D403EB2AD}
[2012.03.03 09:07:07 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{9CA9FADF-F4A5-47A5-906C-6575FD62ADE2}
[2012.03.02 06:50:48 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{1BBD3B26-E1EC-4CE7-9247-4EC6A38F9B17}
[2012.03.02 06:50:38 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{36E5AF48-1C93-42AB-94AC-8B2D129A76D9}
[2012.03.01 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{77F7B208-6095-4824-AEAB-8FEBCD870174}
[2012.03.01 06:59:53 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{389DCF49-2166-48AD-AB02-F404549E7EE5}
[2012.02.29 13:20:57 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{4FD698CB-3753-4529-9AB2-EA6459AB479D}
[2012.02.29 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{40CBFE62-A22C-4015-B231-D3EBE5F05E21}
[2012.02.28 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{6E24C06B-D188-41C6-8F6E-A4E6C8A46CE0}
[2012.02.28 19:29:33 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{50C7176A-360C-4143-984C-DDE97398B06F}
[2012.02.28 07:28:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EEDDA2B5-C103-4AD3-8DD5-B9E689A4851E}
[2012.02.28 07:28:40 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{30C033DC-D93F-49D1-B3A1-09FED3366F68}
[2012.02.27 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{83EF20B7-5BFC-4D66-B20D-AA570E7C8F9C}
[2012.02.27 18:40:51 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{519F1C82-6828-43C8-8562-AD711DE9668D}
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Beschleunigen
[2012.02.27 18:19:44 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.02.27 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.02.27 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2012.02.27 06:40:25 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{43FFDA3E-3943-4A48-812A-20AEE9427C40}
[2012.02.27 06:40:15 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{2B762216-AD84-40EE-978B-4B09DB238728}
[2012.02.26 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{5E50EC1C-A3AD-4299-89B4-9BF6B82D81A2}
[2012.02.26 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{EE63B937-EB71-443D-B8BB-1C1A605322EA}
[2012.02.25 15:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.25 09:05:35 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{0B465A1A-8C44-4D20-A189-8432D30659E8}
[2012.02.25 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B0EF51DC-89F0-4271-974B-8536AE0426DA}
[2012.02.24 07:50:09 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{A86C5033-90EA-4985-B102-4011E28C91C0}
[2012.02.24 07:49:58 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{B97683E3-9789-451B-B07E-9303B593189C}
[2012.02.23 08:10:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{70A0A887-C5F9-429A-BAA7-BDC2D4ADFC13}
[2012.02.23 08:10:36 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\{FEA3E3C6-CA95-41A4-BF6F-93E118093A66}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.23 15:13:49 | 059,430,526 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.03.23 15:13:49 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012.03.23 15:04:32 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.03.23 15:03:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.03.23 15:03:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.03.23 14:24:29 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.23 14:24:29 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.23 14:24:29 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.23 14:24:29 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.23 14:24:29 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.23 14:24:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Koc\Documents\Desktop\OTL.exe
[2012.03.23 14:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.23 14:20:08 | 536,268,799 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.23 14:14:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012.03.23 13:53:14 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 13:53:14 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 18:23:52 | 000,307,650 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\OpenDocument Text (neu) (2).odt
[2012.03.20 14:24:57 | 001,619,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.14 15:59:32 | 003,309,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.10 23:13:53 | 000,000,600 | ---- | M] () -- C:\Users\Koc\PUTTY.RND
[2012.03.04 12:42:57 | 000,002,003 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\JDownloader.lnk
[2012.02.26 19:18:30 | 000,005,176 | ---- | M] () -- C:\Users\Koc\.TransferManager.db
[2012.02.25 15:14:10 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.25 14:49:06 | 000,002,003 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Kies Air Discovery Service.lnk
[2012.02.25 14:41:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.02.22 20:26:15 | 000,001,302 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Free YouTube Download.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.23 15:13:49 | 059,430,526 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.03.23 15:13:49 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012.03.23 15:04:32 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.03.23 15:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.03.23 15:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.03.10 18:09:38 | 000,000,600 | ---- | C] () -- C:\Users\Koc\PUTTY.RND
[2012.03.04 12:42:57 | 000,002,003 | ---- | C] () -- C:\Users\Koc\Documents\Desktop\JDownloader.lnk
[2012.03.04 12:42:54 | 000,001,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.03.04 12:42:54 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.03.04 12:42:54 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.02.26 18:57:36 | 000,005,176 | ---- | C] () -- C:\Users\Koc\.TransferManager.db
[2012.02.25 15:14:10 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.25 14:49:06 | 000,002,003 | ---- | C] () -- C:\Users\Koc\Documents\Desktop\Kies Air Discovery Service.lnk
[2012.02.25 14:41:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.02.12 18:46:11 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.02 08:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.11.24 13:06:46 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.08.16 09:11:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.07.05 19:53:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.04.28 14:27:37 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2011.10.12 18:29:25 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\.minecraft
[2012.03.23 15:11:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\AVG2012
[2010.09.19 13:08:32 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Azureus
[2011.10.25 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Babylon
[2010.02.01 12:16:19 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DataDesign
[2010.05.22 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Dev-Cpp
[2011.11.05 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DNA
[2012.02.22 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoft
[2011.04.13 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.16 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\EPSON
[2010.11.01 12:01:35 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GetRightToGo
[2010.07.14 20:39:31 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GMX
[2011.03.26 14:16:50 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\gtk-2.0
[2010.07.09 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Leadertech
[2011.07.11 15:02:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Need for Speed World
[2012.02.27 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2010.04.18 12:32:59 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenOffice.org
[2012.02.27 21:47:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.01.05 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Origin
[2012.02.27 18:19:44 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2010.02.22 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Sports Interactive
[2010.02.03 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Steganos
[2011.10.15 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\The Creative Assembly
[2010.11.27 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\TubeBox
[2010.03.16 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Ubisoft
[2010.02.16 23:12:55 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Uniblue
[2010.01.30 12:34:56 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WildTangent
[2010.02.01 18:58:43 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WinBatch
[2010.01.30 12:35:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\_MDLogs
[2012.03.23 14:14:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012.01.31 12:46:29 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.03.09 13:23:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.04.13 09:50:17 | 000,000,000 | ---D | M] -- C:\$Recycle.Bin
[2010.04.25 20:10:47 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2011.03.24 17:28:38 | 000,000,000 | ---D | M] -- C:\Casino
[2010.05.22 12:31:00 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2012.02.27 18:25:18 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.08.14 16:58:20 | 000,000,000 | ---D | M] -- C:\Fraps
[2010.02.24 12:37:28 | 000,000,000 | ---D | M] -- C:\Games
[2010.07.31 09:43:41 | 000,000,000 | ---D | M] -- C:\hp
[2010.04.19 09:25:10 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.10.15 17:42:54 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.11.05 11:10:26 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.03.23 15:04:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.03.23 15:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.03.05 19:27:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.15 17:44:07 | 000,000,000 | ---D | M] -- C:\Users
[2012.03.23 14:20:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.01.04 02:09:35 | 000,002,881 | ---- | M] () -- C:\Users\Koc\.recently-used.xbel
[2012.02.26 19:18:30 | 000,005,176 | ---- | M] () -- C:\Users\Koc\.TransferManager.db
[2012.03.23 15:28:04 | 005,505,024 | -HS- | M] () -- C:\Users\Koc\NTUSER.DAT
[2012.03.23 15:28:04 | 000,262,144 | -HS- | M] () -- C:\Users\Koc\ntuser.dat.LOG1
[2010.01.30 12:24:34 | 000,000,000 | -HS- | M] () -- C:\Users\Koc\ntuser.dat.LOG2
[2010.01.30 12:46:36 | 000,065,536 | -HS- | M] () -- C:\Users\Koc\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.01.30 12:46:36 | 000,524,288 | -HS- | M] () -- C:\Users\Koc\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.01.30 12:46:36 | 000,524,288 | -HS- | M] () -- C:\Users\Koc\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.01.30 12:24:34 | 000,000,020 | -HS- | M] () -- C:\Users\Koc\ntuser.ini
[2012.03.10 23:13:53 | 000,000,600 | ---- | M] () -- C:\Users\Koc\PUTTY.RND
[2010.03.06 15:46:10 | 000,000,000 | ---- | M] () -- C:\Users\Koc\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >
 
========== Files - Unicode (All) ==========
[2012.03.22 18:45:10 | 000,000,000 | ---D | M](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪
[2010.02.06 00:09:05 | 000,000,000 | ---D | C](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪

< End of report >
--- --- ---

markusg 23.03.2012 17:12
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [{1D0A50C5-0A46-11DF-8BA7-806E6F6E6963}] C:\Users\Koc\AppData\Roaming\Microsoft\newsrdr.exe (the VideoLAN Team)
 :Files
C:\Users\Koc\AppData\Roaming\Microsoft\newsrdr.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Heinrichter 23.03.2012 18:47
Hab ich gemacht Chef, nur konnte mein antivirus programm nicht ausschalten hoffe ist nicht so dramatisch, naja danke ist seit echt gute Menschen besten Dank.

markusg 23.03.2012 18:49
schaun wir mal weiter:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Heinrichter 23.03.2012 19:04
Ich habe combofix runtergeladen aber der sagt mir das es bei mir nicht funktioniert, weil ich ja windows 7 64bit drauf habe, was kann ich machen chef? Es wäre natürlich optimal wenn du mir den Download Link von Combofix geben könntest, wenn es einen für 64 bit gibt, also ich habe keins gefunden:(

markusg 23.03.2012 19:06
da sind ganze 2 stück im tutorial, sollte für dein system passen :-)

Heinrichter 23.03.2012 20:23
Zitat:
Zitat von markusg (Beitrag 798942)
da sind ganze 2 stück im tutorial, sollte für dein system passen :-)
Tut mir Leid Meister hat bisschen lange gedauert, wie gesagt bin schwer von Begriff^^ hier das Ding. Danke für deine Bemühung

Combofix Logfile:
Code:
ComboFix 12-03-22.01 - Koc 23.03.2012  19:51:05.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6143.4325 [GMT 1:00]
ausgeführt von:: c:\users\Koc\Documents\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\uninstall.exe
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\users\Koc\videos\fraps.exe
c:\users\Koc\videos\uninstall.exe
c:\windows\IsUn0407.exe
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-23 bis 2012-03-23  ))))))))))))))))))))))))))))))
.
.
2012-03-23 18:57 . 2012-03-23 18:57        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-03-23 18:02 . 2012-03-23 18:02        --------        d-----w-        c:\users\Koc\AppData\Roaming\Iminent
2012-03-23 18:02 . 2012-03-23 18:02        --------        d-----w-        c:\programdata\Iminent
2012-03-23 18:02 . 2012-03-23 18:57        --------        d-----w-        c:\program files (x86)\IMinent Toolbar
2012-03-23 18:02 . 2011-12-23 12:07        73216        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.80.dll
2012-03-23 18:02 . 2011-12-23 12:07        67072        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.WebBooster.XPCOM.18.dll
2012-03-23 18:02 . 2011-12-23 12:07        72704        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.50.dll
2012-03-23 18:02 . 2011-12-23 12:06        73216        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.90.dll
2012-03-23 18:02 . 2011-12-23 12:06        75264        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.20.dll
2012-03-23 18:02 . 2011-12-23 12:06        73216        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.60.dll
2012-03-23 18:02 . 2011-12-23 12:06        73216        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.70.dll
2012-03-23 18:02 . 2012-03-23 18:02        --------        d-----w-        c:\program files (x86)\Iminent
2012-03-23 17:42 . 2012-03-23 17:42        --------        d-----w-        c:\programdata\WinZip
2012-03-23 17:31 . 2012-03-23 17:43        --------        d-----w-        C:\_OTL
2012-03-23 16:48 . 2012-03-23 16:48        --------        d-----w-        C:\$AVG
2012-03-23 14:11 . 2012-03-23 14:11        --------        d-----w-        c:\users\Koc\AppData\Roaming\AVG2012
2012-03-23 14:04 . 2012-03-23 14:04        --------        d--h--w-        c:\programdata\Common Files
2012-03-23 14:03 . 2012-03-23 18:20        --------        d-----w-        c:\programdata\AVG2012
2012-03-23 14:03 . 2012-03-23 14:03        --------        d-----w-        c:\program files (x86)\AVG
2012-03-23 13:59 . 2012-03-23 18:18        --------        d-----w-        c:\programdata\MFAData
2012-03-20 12:44 . 2012-03-20 12:44        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 12:44 . 2012-03-20 12:44        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 13:22 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 13:22 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:22 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:29 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 12:29 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 12:29 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 12:28 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:28 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 12:28 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:28 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 12:28 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:28 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:28 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-04 11:42 . 2012-03-10 22:17        --------        d-----w-        c:\program files (x86)\JDownloader
2012-02-27 17:19 . 2012-02-28 15:10        --------        d-----w-        c:\program files (x86)\PC Beschleunigen
2012-02-27 17:19 . 2012-02-27 17:25        --------        d-----w-        C:\Downloads
2012-02-27 17:19 . 2012-02-27 17:19        --------        d-----w-        c:\users\Koc\AppData\Roaming\ProgSense
2012-02-27 17:19 . 2012-02-27 20:47        --------        d-----w-        c:\users\Koc\AppData\Roaming\Orbit
2012-02-27 17:19 . 2012-02-27 17:19        --------        d-----w-        c:\users\Koc\AppData\Roaming\OpenCandy
2012-02-25 14:14 . 2012-02-25 14:14        237        ----a-w-        C:\user.js
2012-02-25 14:14 . 2012-02-25 14:14        --------        d-----w-        c:\program files (x86)\BabylonToolbar
2012-02-22 20:31 . 2012-02-22 20:31        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-22 20:31 . 2012-02-22 20:31        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-22 20:31 . 2012-02-22 20:31        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 18:02 . 2011-05-17 15:52        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-02-18 13:57        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-08 07:13 . 2012-03-23 13:22        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{37820E9E-EE8A-42F8-8108-41FCF3644D68}\mpengine.dll
2012-02-07 13:23 . 2012-02-07 13:23        238440        ----a-w-        c:\windows\SysWow64\AXFOAM.DLL
2012-01-25 17:55 . 2010-07-05 18:58        282880        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-01-25 17:55 . 2010-02-04 15:33        282880        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-01-25 17:51 . 2010-02-04 15:33        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-01-05 18:31 . 2010-02-04 15:33        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-01-04 10:44 . 2012-02-16 16:29        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 16:29        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 16:29        515584        ----a-w-        c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 16:29        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 16:29        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2006-05-03 09:06        163328        --sh--r-        c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47        31232        --sh--r-        c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30        216064        --sh--r-        c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 08:54        2607872        ----a-w-        c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2009-12-31 10:53        2349080        ----a-w-        c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 19:20        1514152        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Koc\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"ChallengerPro"="c:\program files (x86)\Thermaltake Challenger Pro\Ttsystray.exe" [2010-06-21 1254912]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2011-12-23 445416]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2011-12-23 881144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-11-5 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Koc\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.iminent.com/?appId=BE9671BD-B3D0-4D74-BF98-5AF984BDA8E3
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: olb.de\www
TCP: DhcpNameServer = 192.168.178.1
DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} - hxxps://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB
FF - ProfilePath - c:\users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\7hheno98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=BE9671BD-B3D0-4D74-BF98-5AF984BDA8E3
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4cf2d1e0-dc01-4c8a-8b5d-96383df0b315%7D&mid=43b40588aaf347d0a03c41affc81fc32-450bf629469fd1682f1cead1d522c8d33fd0288f&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2012-03-23%2015%3A04%3A23&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5453387e00000000000090e6ba6515c1
FF - user.js: extensions.BabylonToolbar_i.hardId - 5453387e00000000000090e6ba6515c1
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15395
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:14
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)
Toolbar-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.8.1\uninstall.exe
AddRemove-Fraps - c:\users\Koc\Videos\uninstall.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1260347745-2057524765-1331118998-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:be,99,58,7a,13,a1,04,6f,b9,8e,08,96,a8,c0,39,56,93,72,d8,8e,b7,2a,6b,
  f2,63,12,48,af,b9,86,9c,f2,f1,ca,a6,24,2d,4a,27,01,af,8d,05,f2,42,85,77,e5,\
"??"=hex:68,ad,ff,19,4d,1d,95,e3,8a,d5,61,e6,91,cf,84,89
.
[HKEY_USERS\S-1-5-21-1260347745-2057524765-1331118998-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,4d,3b,67,a6,7c,03,ec,a7,c8,be,38,46,2b,e1,5c,02,49,33,21,53,
  98,df,1d,b4,41,2a,f9,6a,3b,58,aa,f4,97,54,da,b8,45,14,27,3f,8c,16,75,80,22,\
"rkeysecu"=hex:b1,31,0c,17,14,ef,5b,cd,47,9b,ca,6a,f5,41,04,79
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-23  20:03:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-23 19:03
.
Vor Suchlauf: 16 Verzeichnis(se), 374.334.586.880 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 378.688.937.984 Bytes frei
.
- - End Of File - - B01C59E7E867967EB5382AC71122C286
--- --- ---

markusg 24.03.2012 17:12
war nicht bös gemeint oder so :-)
haben doch bisher alles gut über die bühne gebracht.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Heinrichter 25.03.2012 14:16
[QUOTE=markusg;799277]war nicht bös gemeint oder so :-)
haben doch bisher alles gut über die bühne gebracht.
QUOTE]

Jo bist ein guter mann, es kann ruhig mehr von deiner sorte geben:)
hier der bericht.
Und ich danke nochmal:D

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Koc :: KOC-PC [Administrator]

25.03.2012 12:02:21
mbam-log-2012-03-25 (12-02-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 561671
Laufzeit: 1 Stunde(n), 50 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 25.03.2012 18:37
lade den CCleaner standard:
CCleaner Download - CCleaner 3.16.1666
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Heinrichter 26.03.2012 15:43
Halloooo, also wo ich unbekannt hinter geschrieben habe, die kenne ich nicht oder weiß nicht ob sie dem system schaden könnten.
Danke, wenn man sie deinstallieren würde.

Code:
7-Zip 4.65 (x64 edition)        Igor Pavlov        03.02.2010        3,99MB        4.65.00.0 (notwendig)
AC2 server emulator 0.44 by Dormine        bjamikel        17.06.2010        7,11MB (unbekannt)       
Adobe AIR        Adobe Systems Inc.        23.05.2010                1.5.3.9120 (unbekannt)
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        22.03.2012        6,00MB        11.1.102.63 (unbekannt)
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        29.11.2011        6,00MB        11.1.102.55 (unbekannt)
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        29.11.2011        6,00MB        11.1.102.55 (unbekannt)
Adobe Media Player        Adobe Systems Incorporated        04.05.2010                1.1 (unbekannt)
Adobe Photoshop CS3        Adobe Systems Incorporated        17.07.2010        1.127MB        10.0 (unnötig)
Adobe Reader 9.4.5 - Deutsch        Adobe Systems Incorporated        13.07.2011        168,0MB        9.4.5 (unbekannt)
Akamai NetSession Interface                19.12.2011 (unbekannt)               
Akamai NetSession Interface Service                09.11.2011 (unbekannt)               
Avira Free Antivirus        Avira        22.03.2012        109,5MB        12.0.0.898 (notwendig)
Avira SearchFree Toolbar plus Web Protection        Ask.com        10.01.2012        4,56MB        1.14.1.0 (unnötig)
Babylon toolbar on IE                24.02.2012 (unnötig)               
Battlefield 3™        Electronic Arts        04.01.2012                1.0.0.0 (notwendig)
Battlelog Web Plugins        EA Digital Illusions CE AB        04.01.2012          1.104.0 (notwendig)       
Bing Bar        Microsoft Corporation        24.03.2011        24,4MB        7.0.609.0 (unbekannt)
Call of Duty Modern Warfare 2        Activision        27.06.2010 (unnötig)               
Call of Duty: Modern Warfare 3        Infinity Ward - Sledgehammer Games        08.11.2011 (notwendig)               
Call of Duty: Modern Warfare 3 - Dedicated Server        Infinity Ward - Sledgehammer Games        08.11.2011 (notwendig)               
Call of Duty: Modern Warfare 3 - Multiplayer        Infinity Ward - Sledgehammer Games        08.11.2011 (notwendig)               
Camera RAW Plug-In for EPSON Creativity Suite                05.03.2010                2.1.0.0 (notwendig)
CCleaner        Piriform        25.03.2012                3.16 (notwendig)
Compatibility Pack für 2007 Office System        Microsoft Corporation        19.03.2012        331MB        12.0.6612.1000 (notwendig)
Core Temp 1.0 RC2        Alcpu        24.10.2011        2,31MB        1.0 (unbekannt)
Counter-Strike: Source        Valve        01.12.2010        (notwendig)       
Crysis® 2        Electronic Arts        13.06.2011        7.757MB        1.0.0.0 (notwendig)
CSS FULL DZ [Oct 15 2007] v18.1        GrCs2Ek~        03.04.2010                v18.1 (unnötig)
CX4300_5500_DX4400 Handbuch                05.03.2010 (unbekannt)               
CyberLink DVD Suite Deluxe        CyberLink Corp.        11.10.2009        16,4MB        6.0.3101 (unbekannt)
DDBAC        DataDesign        19.07.2011        8,51MB        4.3.65 (unbekannt)
Dev-C++ 5 beta 9 release (4.9.9.2)                21.05.2010 (unbekannt)               
DivX-Setup        DivX, LLC        14.04.2011                2.4.1.4 (unnötig)
DNA        BitTorrent Inc.        03.04.2010                2.2.4 (16502) (unnötig)
Easy Driver Pro        Easy Driver Pro        14.10.2011        7,41MB        8.0.1 (unbekannt)
EMS SQL Query 2010 for MySQL        EMS        18.01.2011                3.2.0.5 (unbekannt)
EPSON Attach To Email        SEIKO EPSON        05.03.2010        1,08MB        1.01.0000 (notwendig)
EPSON Copy Utility 3                05.03.2010                3.2.0.0 (notwendig)
EPSON Easy Photo Print                05.03.2010                1.4.2.0 (notwendig)
EPSON File Manager                05.03.2010                1.3.0.0 (notwendig)
EPSON Scan                02.03.2010               
EPSON Scan Assistant                05.03.2010                1.10.00 (notwendig)
EPSON-Drucker-Software        SEIKO EPSON Corporation        05.03.2010 (notwendig)               
ESN Sonar        ESN Social Software AB        04.01.2012                0.70.4 (unbekannt)
EVEREST Home Edition v2.20        Lavalys Inc        19.10.2011                2.20 (unnötig)
EVEREST Ultimate Edition v5.50        Lavalys, Inc.        21.10.2011                5.50 (notwendig)
EXPERTool 7.20        Gainward Co., Ltd        02.11.2011        11,2MB        (unbekannt)
facemoods                15.08.2010 (unnötig)               
Fraps                29.12.2011 (unnötig)               
Free Audio CD Burner version 1.3        DVDVideoSoft Limited.        01.06.2010        8,06MB (notwendig)       
Free M4a to MP3 Converter 6.1        ManiacTools.com        14.08.2010 (notwendig)               
Free Studio version 5.0.8        DVDVideoSoft Limited.        12.04.2011        256MB (notwendig)       
Free YouTube Download 3 version 3.0.11.727        DVDVideoSoft Limited.        29.07.2011        44,8MB        (notwendig)
Free YouTube Download version 3.0.22.221        DVDVideoSoft Ltd.        21.02.2012        60,5MB        3.0.22.221 (notwendig)
Free YouTube to MP3 Converter version 3.10.13.1123        DVDVideoSoft Ltd.        04.12.2011        87,6MB (notwendig)       
FreeRIP v3.42        MGShareware        23.11.2010                3.42 (unbekannt)
FUSSBALL MANAGER 12        Electronic Arts        14.02.2012        6.721MB        1.0.0.3 (notwendig)
GIMP 2.6.8                13.01.2011 (notwendig)               
Google Chrome        Google Inc.        25.03.2012                17.0.963.83 (unnötig)
Half-Life 2: Lost Coast        Valve        19.02.2011 (unnötig)               
Hardwarediagnosetools        PC-Doctor, Inc.        12.10.2009                6.0.5434.08 (unbekannt)
HP Advisor        Hewlett-Packard        11.10.2009        48,0MB        3.2.8946.3086 (unbekannt)
HP Games        WildTangent        25.01.2010                1.0.0.71 (unbekannt)
HP MediaSmart DVD        Hewlett-Packard        29.03.2010        95,3MB        3.0.3420 (unbekannt)
HP MediaSmart Movie Themes        Hewlett-Packard        11.10.2009        400MB        3.0.3102 (unbekannt)
HP MediaSmart Music/Photo/Video        Hewlett-Packard        29.03.2010        314MB        3.1.3601 (unbekannt)
HP MediaSmart SmartMenu        Hewlett-Packard        11.10.2009        1,86MB        3.0.28.2 (unbekannt)
HP Odometer        Hewlett-Packard        11.10.2009        48,00KB        2.10.0000 (unbekannt)
HP Remote Solution        TopSeed        11.10.2009                1.1.9.0 (unbekannt)
HP Setup        Hewlett-Packard        11.10.2009                1.2.3220.3079 (unbekannt)
HP Support Assistant        Hewlett-Packard        06.03.2010        19,4MB        4.3.1.2 (unbekannt)
HP Support Information        Hewlett-Packard        11.10.2009        0,16MB        10.1.0002 (unbekannt)
HP Update        Hewlett-Packard        11.10.2009        2,97MB        5.001.000.014 (unbekannt)
Iminent        Iminent        22.03.2012                4.52.52.0 (unbekannt)
IMinent Toolbar        IMinent        22.03.2012        3,38MB        3.26.0 (unbekannt)
IZArc 4.1        Ivan Zahariev        21.03.2010        12,4MB        4.1 (unbekannt)
Java(TM) 6 Update 29        Sun Microsystems, Inc.        21.05.2010        94,5MB        6.0.290 (unbekannt)
Java(TM) SE Development Kit 6 Update 23        Oracle        18.01.2011        128,3MB        1.6.0.230 (unbekannt)
JDownloader 0.9        AppWork GmbH        03.03.2012                0.9 (notwendig)
Kies Air Discovery Service        Samsung        22.03.2012 (notwendig)               
LabelPrint        CyberLink Corp.        11.10.2009        231MB        2.5.1901 (unbekannt)
LightScribe System Software        LightScribe        11.10.2009        22,5MB        1.18.5.1 (unbekannt)
Logitech SetPoint        Logitech        04.11.2011        17,00KB        4.80 (notwendig)
Magic Desktop        EasyBits Software AS        25.01.2010 (unbekannt)               
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        24.03.2012        17,4MB        1.60.1.1000 (unbekannt)
Messenger Plus! Live        Yuna Software        28.12.2010                4.90.0.392 (unnötig)
Microsoft .NET Framework 1.1        Microsoft        03.02.2010        34,8MB        1.1.4322 (unbekannt)
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        24.06.2010        38,8MB        4.0.30319 (unbekannt)
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        24.06.2010        2,94MB        4.0.30319 (unbekannt)
Microsoft .NET Framework 4 Extended        Microsoft Corporation        18.01.2011        52,0MB        4.0.30319 (unbekannt)
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        18.01.2011        10,7MB        4.0.30319 (unbekannt)
Microsoft .NET Framework 4 Multi-Targeting Pack        Microsoft Corporation        18.01.2011        83,5MB        4.0.30319 (unbekannt)
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        05.05.2011        31,3MB        3.5.88.0 (unnötig)
Microsoft Games for Windows Marketplace        Microsoft Corporation        05.05.2011        6,04MB        3.5.50.0 (unnötig)
Microsoft Help Viewer 1.0        Microsoft Corporation        18.01.2011        3,97MB        1.0.30319 (unbekannt)
Microsoft Help Viewer 1.0 Language Pack - DEU        Microsoft Corporation        18.01.2011        1,95MB        1.0.30319 (unbekannt)
Microsoft Office File Validation Add-In        Microsoft Corporation        15.09.2011        7,95MB        14.0.5130.5003 (unbekannt)
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        19.03.2012        102,2MB        12.0.6612.1000 (unbekannt)
Microsoft Silverlight        Microsoft Corporation        15.02.2012        194,1MB        4.1.10111.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        31.01.2010        1,72MB        3.1.0000
Microsoft SQL Server 2008 R2 Management Objects        Microsoft Corporation        18.01.2011        17,1MB        10.50.1447.4
Microsoft SQL Server Compact 3.5 SP2 DEU        Microsoft Corporation        18.01.2011        3,69MB        3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 DEU        Microsoft Corporation        18.01.2011        4,81MB        3.5.8080.0
Microsoft SQL Server System CLR Types        Microsoft Corporation        18.01.2011        2,55MB        10.50.1447.4
Microsoft Visual Basic 2010 Express - DEU        Microsoft Corporation        15.06.2011                10.0.30319
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        30.01.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        30.01.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.06.2011        0,29MB        8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        11.10.2009        1,48MB        8.0.61000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        30.01.2010        0,21MB        9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        30.01.2010        0,20MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        17.04.2010        1,70MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        11.10.2009        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        14.10.2011        3,14MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        13.06.2011        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        11.10.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        23.03.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974        Microsoft Corporation        18.01.2011        0,58MB        9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        06.01.2012        13,8MB        10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319        Microsoft Corporation        18.01.2011        33,0MB        10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        20.12.2011        15,0MB        10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools        Microsoft Corporation        18.01.2011        35,3MB        10.0.30319
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU        Microsoft Corporation        18.01.2011        4,32MB        10.0.30319 (unbekannt)
Microsoft Works        Microsoft Corporation        14.12.2010        500MB        9.7.0621
Mozilla Firefox 11.0 (x86 de)        Mozilla        19.03.2012        36,5MB        11.0 (notwendig)
MSI Afterburner 2.1.0        MSI Co., LTD        02.11.2011                2.1.0 (notwendig)
MSI Kombustor 2.0.0        MSI Co., LTD        02.11.2011        31,1MB        (unbekannt)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        30.01.2010        1,28MB        4.20.9870.0 (unbekannt)
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        30.01.2010        1,33MB        4.20.9876.0 (unbekannt)
MySQL Server 5.5        Oracle Corporation        18.01.2011        510MB        5.5.8 (unbekannt)
Need For Speed™ World        Electronic Arts        10.07.2011                1.0.0.105 (unnötig)
NVIDIA 3D Vision Controller-Treiber 285.62        NVIDIA Corporation        04.01.2012                285.62 (unbekannt)
NVIDIA 3D Vision Treiber 285.62        NVIDIA Corporation        04.01.2012                285.62
NVIDIA Drivers        NVIDIA Corporation        11.10.2009                1.3
NVIDIA Grafiktreiber 285.62        NVIDIA Corporation        04.01.2012                285.62
NVIDIA HD-Audiotreiber 1.2.24.0        NVIDIA Corporation        04.01.2012                1.2.24.0
NVIDIA PhysX-Systemsoftware 9.11.0621        NVIDIA Corporation        04.01.2012                9.11.0621
NVIDIA Update 1.5.20        NVIDIA Corporation        04.01.2012                1.5.20 (unbekannt)
OpenOffice.org 3.2        OpenOffice.org        17.04.2010        373MB        3.2.9483 (notwendig)
Origin        Electronic Arts, Inc.        13.01.2012                8.4.1.210 (notwendig)
PDFCreator        Frank Heindörfer, Philip Chinery        24.01.2011                1.2.0 (unbekannt)
Power2Go        CyberLink Corp.        11.10.2009        169,5MB        6.0.3101 (unbekannt)
PowerDirector        CyberLink Corp.        11.10.2009        522MB        7.0.3101 (unbekannt)
PriceGong 2.5.1        PriceGong        13.10.2011                2.5.1 (unbekannt)
PunkBuster Services        Even Balance, Inc.        04.01.2012                0.991 (unbekannt)
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        11.10.2009                6.0.1.5910 (unbekannt)
SpeedFan (remove only)                02.11.2011 (unbekannt)               
Steam        Valve Corporation        30.11.2010        1,49MB        1.0.0.0 (notwendig)
SUPER © Version 2010.bld.38 (May 2, 2010)        eRightSoft        31.10.2010                Version 2010.bld.38 (May 2, 2010) (unbekannt)
Testversion von Microsoft Office Home and Student 2007                29.01.2010 (unbekannt)               
The Elder Scrolls V: Skyrim        Bethesda Game Studios        19.12.2011 (notwendig)               
Total War: SHOGUN 2        The Creative Assembly        14.10.2011 (notwendig)               
Tt eSPORTS Challenger Pro        Tt eSPORTS        08.11.2011                2.2.0.0 (unbekannt)
TubeBox!        Jens Lorek        26.11.2010        12,9MB        3.4.1 (unbekannt)
Ubisoft Game Launcher        UBISOFT        03.05.2010                1.0.0.0 (unnötig)
Uninstall 1.0.0.1                12.04.2011        10,9MB        (unbekannt)
Visual Studio 2008 x64 Redistributables        AVG Technologies        22.03.2012        11,6MB        10.0.0.2 (unbekannt)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU        Microsoft Corporation        18.01.2011        11,2MB        4.0.8080.0 (unbekannt)
VLC media player 1.1.4        VideoLAN        31.10.2010                1.1.4 (notwendig)
Vuze_Remote Toolbar                29.01.2010 (unnötig)               
Windows Live Essentials        Microsoft Corporation        17.09.2011                15.4.3538.0513 (unbekannt)
Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        04.10.2010        5,58MB        15.4.5722.2 (unbekannt)
WinRAR                31.01.2010 (notwendig)               
WinZip 16.0        WinZip Computing, S.L.        22.03.2012        71,5MB        16.0.9715 (notwendig)

markusg 26.03.2012 15:49
deinstaliere:
Adobe Photoshop
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Avira SearchFree
Babylon
Bing
Call of Duty: das unnötige
Core Temp
CSS
CyberLink
DivX
DNA
ESN
EVEREST Home
facemoods
Fraps
FreeRIP
Google Chrome
Half-Life
Iminent

IMinent Toolbar
IZArc
Java: beide
Download der kostenlosen Java-Software
downloade java jre, instalieren.

deinstaliere:
LabelPrint
LightScribe
Magic Desktop
Messenger Plus
Microsoft Games : beide
Microsoft Silverlight
Need For Speed™
PDFCreator
Power2Go
PowerDirector
PriceGong
SpeedFan
SUPER ©
Tt eSPORTS
TubeBox
Vuze_Remote
Windows Live : alle die du nicht nutzt

öffne otl bereinigen neustart.
öffne ccleaner analysieren bereinigen neustart.
testen wie das system läuft

Heinrichter 26.03.2012 17:59
Chef hab alles so gemacht wie du es gesagt hast. Ich weiß zwar nicht was du mit meinem pc angestellt hast aber ich finds irgendwie super :Boogie: ^^ dankeee

markusg 26.03.2012 19:24
darf ich daraus schließen, dass es keine probleme mehr gibt?
dann sichern wir jetzt das system ab:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html
sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
http://filepony.de/download-sandboxie/
anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
Run updateChecker
when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
Windows 7 Systemabbild erstellen (Backup)
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:21 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131