OTL Logfile: Code:
OTL logfile created on: 15.02.2013 18:49:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ADMIN Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,25% Memory free
7,93 Gb Paging File | 5,47 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 203,00 Gb Free Space | 44,51% Space Free | Partition Type: NTFS
Computer Name: ADMINMARTIN | User Name: ADMIN Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\ADMIN Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\ADMIN Martin\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Users\ADMIN Martin\AppData\Roaming\tele.ring Verbindungsmanager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\BySoft FreeRAM\FreeRAM.exe (BySoft)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\pmc.dll ()
MOD - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
MOD - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AddonsHelper) -- C:\Users\ADMIN Martin\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
SRV - (SearchAnonymizer) -- C:\Users\ADMIN Martin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Suche
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=3ef306280000000000000024d610728b
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{127E3622-83CB-46A5-9D53-9F9AE8DDB572}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{14003A82-886B-4F47-99E1-676F070101F0}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F686C3D646526713D7B7365617263685465726D737D266D657461&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{1B485D9C-D467-4E38-92AD-5B6D53DBD8EA}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{39A20890-B88B-401C-9603-57F369E8FCB6}: "URL" = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D33373237362D31363630392D302F343F73617469746C653D7B7365617263685465726D737D&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263682F3F703D7B7365617263685465726D737D2666723D76635F7472616E735F64655F3831393726747970653D64733273652664&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{85A9449E-7E45-4FDD-B36C-BBA59A7D3F47}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{D1E43FE5-8B1F-4AB2-8BCA-B0B078619A7B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{E51C4769-A19C-48D6-86EC-DD0330324439}: "URL" = hxxp://services.zinio.com.anonymize-me.de/?anonymto=687474703A2F2F73657276696365732E7A696E696F2E636F6D2F7365617263683F733D7B73656C656374696F6E7D2672663D736F6E79736C69636573&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{F135AF61-2AD7-49C7-BF91-9F230758417A}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.2
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.2.6
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:4.18
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120827
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.9
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B58bd07eb-0ee0-4df0-8121-dc9b693373df%7D:2.6.1095.52
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.47088
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.10
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.15 12:30:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.18 17:33:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.20 18:43:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.01.27 12:51:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\ADMIN Martin\AppData\Roaming\Helper [2013.02.15 17:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.14 17:40:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 19:22:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.09 18:16:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.14 17:40:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 19:22:36 | 000,000,000 | ---D | M]
[2009.12.01 13:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Extensions
[2013.02.14 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions
[2012.08.31 17:38:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.30 18:59:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.14 17:52:06 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.10.18 17:43:56 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.02.09 18:16:14 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\ffxtlbr@delta.com
[2012.09.03 07:10:35 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\foxmarks@kei.com
[2013.02.12 14:40:43 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.02.09 18:15:44 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\torntv@torntv.com.xpi
[2012.03.07 19:42:02 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.08.15 16:20:06 | 000,061,403 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.08.15 16:03:01 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.15 17:34:00 | 000,002,080 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\21810ed5-6834-4656-9239-ca05b77cff5f.xml
[2013.02.09 18:16:18 | 000,001,294 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\delta.xml
[2013.02.15 17:19:48 | 000,002,188 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\{0D1CF61D-CABC-4939-87B5-70A520ACE72F}.xml
[2013.02.15 17:19:48 | 000,002,077 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\{A1B699AE-12AD-4AB3-90CA-B9ADA758E3DA}.xml
[2013.02.15 17:19:48 | 000,001,870 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\{F0EAB79D-99B5-4293-9C1E-D6148D9A08B8}.xml
[2013.02.12 14:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 19:22:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.02.06 19:22:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.14 17:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.11.18 17:33:32 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.02.09 18:16:23 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.02.14 17:40:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.01 20:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.02.15 17:19:48 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.15 17:19:48 | 000,006,576 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.02.15 17:19:48 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.15 17:19:48 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.15 17:19:48 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.15 17:19:48 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.15 17:19:48 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: Google
CHR - homepage: Yahoo! Suche
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.08.16 20:57:38 | 000,000,851 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\ADMIN Martin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [BySoft FreeRAM] C:\Program Files (x86)\BySoft FreeRAM\FreeRAM.exe (BySoft)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [HW_OPENEYE_OUC_tele.ring Verbindungsmanager] C:\Program Files (x86)\tele.ring Verbindungsmanager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\ADMIN Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} hxxp://webc.hsv-laufsport.com/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 92.62.30.3 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BA17AE1-8B05-40B6-A3C4-88B3EB7E35E3}: DhcpNameServer = 213.162.69.170 213.162.69.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B9B565C-06D3-446B-9A57-80B91D0C36EB}: DhcpNameServer = 92.62.30.3 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C51C54-2FB5-4517-A48D-D267060B0199}: DhcpNameServer = 213.162.69.169 213.162.65.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.14 20:49:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27cfdfa9-05b8-11e2-82c4-0024be789a5d}\Shell - "" = AutoRun
O33 - MountPoints2\{27cfdfa9-05b8-11e2-82c4-0024be789a5d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7374baaa-0d86-11df-99d3-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{7374baaa-0d86-11df-99d3-002643749b49}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a3839830-2d2e-11df-8a4e-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{a3839830-2d2e-11df-8a4e-002643749b49}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{b7297a68-00a0-11e2-8fe5-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{b7297a68-00a0-11e2-8fe5-002643749b49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b7297a75-00a0-11e2-8fe5-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{b7297a75-00a0-11e2-8fe5-002643749b49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b7297a85-00a0-11e2-8fe5-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{b7297a85-00a0-11e2-8fe5-002643749b49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{E180241B-EB76-4C34-83A1-489F6DEE2BB7} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CCBCB3CD-DB11-9DF4-CA87-EA6704FCDADF} - Microsoft Windows Media Player
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.02.15 18:37:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ADMIN Martin\Desktop\OTL.exe
[2013.02.15 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Malwarebytes
[2013.02.15 18:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.15 18:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.15 18:13:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.15 18:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.15 17:34:00 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Helper
[2013.02.15 17:19:48 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Opera
[2013.02.15 17:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.15 17:19:40 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\OCS
[2013.02.15 17:09:23 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\IN-MEDIAKG
[2013.02.15 17:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IntelligentNetClean
[2013.02.15 17:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IntelligentNetClean
[2013.02.15 17:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mresreg
[2013.02.14 21:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.14 21:11:36 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013.02.14 20:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.14 20:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.02.14 17:52:15 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\QuickScan
[2013.02.13 19:04:22 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 19:04:14 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 19:04:14 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 19:04:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 19:04:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 19:04:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 19:04:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 19:03:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 19:03:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 19:03:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 19:03:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 19:03:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 19:03:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 19:02:41 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 19:01:22 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 19:01:19 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 19:01:18 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.12 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Pegasus Mail
[2013.02.12 15:18:25 | 000,000,000 | ---D | C] -- C:\PMAIL
[2013.02.12 15:07:36 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Thunderbird
[2013.02.12 15:07:36 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Local\Thunderbird
[2013.02.09 18:16:26 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.02.09 18:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.09 18:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.02.09 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Delta
[2013.02.09 18:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.09 18:15:55 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Babylon
[2013.02.09 18:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.09 18:15:40 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013.02.09 18:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013.02.08 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BySoft FreeRAM
[2013.02.08 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BySoft FreeRAM
[2013.02.08 20:56:43 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.08 20:56:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.08 20:56:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 20:56:29 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.07 17:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2013.02.07 17:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Notifier and Animation Creator
[2013.02.07 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Local\IM
[2013.02.07 17:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[2013.02.07 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2013.02.07 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IncrediMail
[2013.02.07 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2013.02.06 19:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.03 16:07:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0F141AD0-9A8F-4DBC-A7F2-DCBF5ED1FF92}
[2013.02.03 16:07:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{FC8D5DAA-5791-4225-A173-7BF25575F648}
[2013.02.03 16:07:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{7AB2EEE1-F21F-4431-9549-BDEE9335BAE6}
[2013.02.03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F9FD83FE-5CD4-41B4-9065-C45477A1D364}
[2013.02.03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{BD678B7F-2061-43DA-B7A0-FCCCD3564132}
[2013.02.03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8873B575-5590-46D0-ABB6-64D478FFB936}
[2013.02.03 16:07:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{960C181C-8BAF-4454-9485-C222360C989E}
[2013.02.03 16:06:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{AEDF99A0-656C-4ABA-B687-D8EC446B94B8}
[2013.02.03 16:06:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{CBA2BE5D-1816-4E52-9B44-67D66A261B27}
[2013.02.03 16:05:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{6575F59A-000F-4C1F-B5E3-AF92CE1F09F4}
[2013.02.03 16:05:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{957E720E-B299-4B86-8A03-DED43BF87292}
[2013.02.03 16:05:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{C0AB7B39-B8F7-400B-A1FC-175C28CCA03E}
[2013.02.03 16:05:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{96B45E4C-AA46-48CB-954B-BBDBD1FE7A0A}
[2013.02.03 16:05:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{FB935362-F692-4AF0-8B29-ED3B844F38B4}
[2013.02.03 16:05:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{8C9645D5-990E-419B-BC2A-0892CB65E9A9}
[2013.02.03 16:05:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{962E025A-6DB7-42F1-A20B-E9BE2361609F}
[2013.02.03 16:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{294EF732-A941-4563-9153-42EC96D23256}
[2013.02.03 16:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{1F3C5872-C260-40E3-BB0A-74E57CFB8F19}
[2013.02.03 16:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{88139E39-ADA8-4E1B-95B6-E514FB63B8E5}
[2013.02.03 16:04:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{E26D12A5-10C6-4731-BF50-420A21404F3C}
[2013.02.03 16:04:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{46A2A796-E1D2-424C-9C63-E9500FE5D6F7}
[2013.02.03 16:02:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{74BC2B42-2E6E-4260-8B19-4D6AB8F2B33F}
[2013.02.03 16:02:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7F99CC0A-5B85-4B92-AE4B-B09C6FC4C165}
[2013.02.03 16:02:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{09FD9EDD-2E73-43EC-A2D4-C2E94AAA0D98}
[2013.02.03 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{35BDFAEE-2E74-4EC4-92A2-C7FD4C5A8BBE}
[2013.02.03 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E7AF2548-E699-42C9-A47D-87A12942BD8F}
[2013.02.03 16:02:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{A56605AC-DA31-480B-8D32-FDE061F24A29}
[2013.02.03 16:01:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{B2EE2127-933A-46C3-A901-F9E143F4B2B0}
[2013.02.03 16:01:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{550FD277-C7BA-4BA5-87C6-08166C39A950}
[2013.02.03 16:01:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{92D3F3F5-400D-4D64-A68F-13F4F2EF48BF}
[2013.02.03 16:01:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D13D9169-3C2E-41A4-8C95-681B16A22FEB}
[2013.02.03 16:00:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{0F423034-1CF9-4416-8097-9C7883B40160}
[2013.02.03 16:00:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{60B18D0B-059B-47EB-AAAF-DBCB027E335F}
[2013.02.03 16:00:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{849469BB-4944-49A9-9BAC-2529D3D72C7A}
[2013.02.03 16:00:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{614E35B9-3550-4462-B415-0F9D812C1401}
[2013.02.03 16:00:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{7FB4D0CD-9BF2-4D2A-A027-4E03BABEFA21}
[2013.02.03 15:59:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{941BEDD6-5FE2-4585-807F-88070723A0A9}
[2013.02.03 15:58:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{4BC0CA0B-DEDC-4F90-9451-77E1C3BEA097}
[2013.02.03 15:58:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{C0453023-D53A-4A1E-8D4B-70CD70657DC9}
[2013.02.03 15:58:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{B6DC0BE2-4D08-4420-AEC0-4814296E509E}
[2013.02.03 15:58:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{5A45CA50-CBA1-44C3-9A11-AAFF4948AC30}
[2013.02.03 15:58:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4875925A-46C5-48EB-A959-38239BA215D1}
[2013.02.03 15:56:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5AEF8284-57B0-48FA-BE49-3EDB1EAE886B}
[2013.02.03 15:56:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0DFA62A0-5D1B-453C-ADC2-BF33A550E2E9}
[2013.02.03 15:56:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F26BB389-356B-4A7F-828C-ACA695E551AA}
[2013.02.03 15:56:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{C9B40143-0B9C-4272-B966-2BE1CF1B43AF}
[2013.02.03 15:55:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{AA408B36-2C8F-4D3F-A21F-EB3431B3F930}
[2013.02.03 15:55:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{9AA605F9-7FA3-4DBC-8440-ED965426C70B}
[2013.02.03 15:55:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{FA6EBE04-7497-4AE9-975B-B77B88D64F4A}
[2013.02.03 15:55:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{4E604B3C-E504-4638-A176-96E916947531}
[2013.02.03 15:53:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{6CA18FEA-A629-4757-9265-18972952A9DC}
[2013.02.03 15:53:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{23A5C30D-E186-4C7E-BA21-3740223176BA}
[2013.02.03 15:53:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{6D7F5783-EA0B-4BF4-AB89-B102FB9DFBE9}
[2013.02.03 15:53:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{81EB7DBE-FC2E-4EE7-8756-1547F0FAA830}
[2013.02.03 15:49:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A23A5BB6-2DDD-4A5A-A4FC-B4349BBDDB4E}
[2013.02.03 15:49:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{B98EA7E8-12B6-458C-B284-78135F1C35CB}
[2013.02.03 15:49:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{90308D11-42AF-4A77-BBF3-F63E9D2A6E45}
[2013.02.03 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{D9075E57-55AF-48ED-B59F-2DE365D11DF5}
[2013.02.03 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{6584426A-00F7-46A1-8C7B-3BD847048777}
[2013.02.03 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{15391716-09EA-4B94-B633-4E1E8DFFB3CF}
[2013.02.03 15:33:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{628259B9-F8ED-4765-9D64-7EBD67B0DB2C}
[2013.02.03 15:33:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{5CFBEE09-AC9A-4416-AE2E-D6560AAEDC6F}
[2013.02.03 15:33:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{0260B41F-1105-4281-9656-B8A0C6D0DE6B}
[2013.02.03 15:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{881B7091-E7DA-47BF-B28D-8D384B51B1C9}
[2013.02.03 15:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{823377AE-9F1C-4EA0-8BB7-D24A4AA27354}
[2013.02.03 15:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9D0B9BF9-6BB8-444E-BEF7-D816F35F22D8}
[2013.02.03 15:29:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C42FC20A-2E75-4723-B0A3-D786897E68D7}
[2013.02.03 15:29:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{C277576C-5F25-438C-90D8-658C08FC3590}
[2013.02.03 15:29:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{7AAD0434-C883-44D7-9ED9-FDB6153AB056}
[2013.02.03 15:29:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{0CBB48E4-0D89-4DC4-845C-D2ED90F812C6}
[2013.02.03 15:29:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4D7EFEDB-FCB7-4716-8910-4D6162392A74}
[2013.02.03 15:29:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{FBD38C1D-6B71-4C80-AEB8-D64E22A48248}
[2013.02.03 15:29:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8E1A4918-F063-49DA-A18F-C1D8C5B2F8F9}
[2013.02.03 15:29:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{7BD46B1F-5C6E-4871-863B-8E7EDEA8BF90}
[2013.02.03 15:29:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{A76D5B1D-3B70-40DF-B0AF-2730BF314DE4}
[2013.02.03 15:29:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{9D6F71EE-9F71-45E6-A368-4314B27111A2}
[2013.02.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{29C4AFB5-E7C0-4D91-AAD5-6246BAE8FFA5}
[2013.02.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{22473CB0-EA87-4526-88B4-F17BAA7734DB}
[2013.02.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AAB2FE19-362A-451E-A04D-FB299B6457E4}
[2013.02.03 15:29:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{E206A297-8134-4716-BEFF-81890706276C}
[2013.02.03 15:29:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3053B8A7-CF94-4953-8C90-C0B02B9E330D}
[2013.02.03 15:29:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{BEDACBB1-73A0-4A52-90AC-B3313F2CC12F}
[2013.02.03 15:29:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{B2033148-D2E0-40B6-BD07-17838D63D26F}
[2013.02.03 15:29:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F805A152-2618-48BE-A104-CEBAB23F7C27}
[2013.02.03 15:29:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{F19DC849-C6F1-4522-A928-DEB7BF4C81DA}
[2013.02.03 15:29:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{050CEA33-B650-436E-A095-DE0FD27DCEFB}
[2013.02.03 15:29:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{2C7C9ABA-6F27-4799-ACCE-3322F67EC69F}
[2013.02.03 15:28:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{12C5D528-ED0F-4F11-B6E0-F5B9CC15985A}
[2013.02.03 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{5C5EE20D-4BAF-4408-8EFA-E0588FFECF3B}
[2013.02.03 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7D9B835A-CC38-445F-826A-2EDB110BCEE5}
[2013.02.03 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{2EA6371E-E407-4771-8DFE-D5D97ACDD57C}
[2013.02.03 15:28:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{BD14D190-4EFD-470C-A100-2D93CD482F5F}
[2013.02.03 15:26:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{80FF3CF9-AA6B-45A8-AA58-B73895C5DD96}
[2013.02.03 15:26:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{B92F21E7-3807-4E3E-AB36-D5F36247238A}
[2013.02.03 15:26:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{A52981B1-F32A-4F9D-960E-B895C29B5E2A}
[2013.02.03 15:26:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A2EE6CE5-BB6A-455F-A52D-E903476755FF}
[2013.02.03 13:22:24 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Desktop\Filme Neu
[2013.01.27 14:14:33 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Documents\Benutzerdefinierte Office-Vorlagen
[2013.01.27 12:51:52 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Documents\Freemake
[2013.01.27 12:51:51 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.01.27 12:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.01.27 12:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.01.27 12:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.01.27 10:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.01.27 10:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.01.27 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013.01.27 10:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013.01.22 21:12:44 | 000,000,000 | R--D | C] -- C:\Users\ADMIN Martin\Dropbox
[2013.01.20 19:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{50285130-E65B-4C66-9A6A-A08F93A02781}
[2013.01.20 19:04:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{79C424F9-D96F-4C6A-AC92-0CF5796D210C}
[2013.01.20 19:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{433AD796-3396-4070-85C4-3209CBF9F7A1}
[2013.01.20 19:03:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{F2F7E25D-8E29-497A-A803-ED194FEB6726}
[2013.01.20 19:03:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{6C3430A9-AF21-49FF-A486-F855258FFCF9}
[2013.01.20 19:03:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{BBE17A63-E7A1-47D8-B927-FD19277F0FBB}
[2013.01.20 19:03:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{F9EDEB56-6B54-4EE9-89A9-BB38A446BF36}
[2013.01.20 19:03:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B441D4AA-2A92-4FE7-A6C7-B9D618B4AF08}
[2013.01.20 19:03:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{6D693C7F-82A0-4CBD-9D90-51369E79C367}
[2013.01.20 19:03:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AFBE2E1B-195E-4E41-8A1E-5A12A4ED8EC6}
[2013.01.20 19:03:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E3DDBB8A-0F3C-4315-97C2-A4E95A7D89BB}
[2013.01.20 19:03:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3DAC7CA9-6EC0-40C2-A4F6-E77EDD86AA82}
[2013.01.20 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Desktop\youtube Musik
[2013.01.20 18:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.20 18:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.20 15:15:34 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Documents\NeroVision
[2013.01.20 15:09:04 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Media Player Classic
[2013.01.20 15:06:19 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2013.01.20 15:06:19 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Video DVD Maker FREE
[2013.01.20 15:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.01.20 15:05:28 | 000,839,680 | ---- | C] (www) -- C:\Windows\SysWow64\lameACM.acm
[2013.01.20 15:05:26 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.01.20 15:05:26 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013.01.20 15:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.01.20 15:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video DVD Maker
[2013.01.20 15:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video DVD Maker
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.15 18:37:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN Martin\Desktop\OTL.exe
[2013.02.15 18:27:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.15 18:13:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.15 17:10:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 17:10:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 17:08:53 | 000,001,093 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\IntelligentNetClean.lnk
[2013.02.15 17:02:13 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.02.15 17:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 17:00:18 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 21:43:10 | 000,000,123 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Local\rssbuilder.config
[2013.02.14 21:26:12 | 000,161,076 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Local\ars.cache
[2013.02.14 21:10:48 | 000,000,036 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Local\housecall.guid.cache
[2013.02.14 20:49:32 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.02.14 03:41:38 | 000,547,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 03:10:52 | 001,528,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 03:10:52 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 03:10:52 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 03:10:52 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 03:10:52 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 14:40:35 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.10 20:44:28 | 000,023,024 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\wir-bewegen-.html
[2013.02.09 08:27:29 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.09 08:27:29 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.08 20:56:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.08 20:56:20 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.08 20:56:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.08 20:56:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 20:56:17 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.08 20:56:17 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.07 18:13:50 | 000,005,632 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.07 17:44:28 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2013.01.27 12:51:51 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.01.27 12:44:28 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.01.27 10:35:54 | 000,003,037 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\Excel 2013.lnk
[2013.01.27 10:35:54 | 000,003,015 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\Word 2013.lnk
[2013.01.27 10:35:54 | 000,002,937 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\PowerPoint 2013.lnk
[2013.01.27 10:35:54 | 000,002,864 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\Outlook 2013.lnk
[2013.01.26 21:37:23 | 000,151,773 | ---- | M] () -- C:\Users\Public\Documents\U11MK_U14BLMMK_Bruck_2012_Ergebnisse_Aussendung1.mht
[2013.01.20 18:45:25 | 000,000,462 | ---- | M] () -- C:\Users\ADMIN Martin\Corel.rar
[2013.01.20 18:44:38 | 000,001,402 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.20 15:15:02 | 000,003,524 | ---- | M] () -- C:\Users\ADMIN Martin\Documents\SVCD1.nsd
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.15 18:13:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.15 17:08:53 | 000,001,093 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\IntelligentNetClean.lnk
[2013.02.14 21:26:12 | 000,161,076 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\ars.cache
[2013.02.14 21:10:48 | 000,000,036 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\housecall.guid.cache
[2013.02.14 20:49:32 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.02.10 20:49:26 | 000,023,024 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\wir-bewegen-.html
[2013.02.07 17:44:28 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
[2013.02.07 17:44:28 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2013.01.27 12:51:51 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.01.27 11:07:31 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2013.01.27 10:55:08 | 000,002,937 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\PowerPoint 2013.lnk
[2013.01.27 10:54:42 | 000,003,037 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\Excel 2013.lnk
[2013.01.27 10:53:39 | 000,002,864 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\Outlook 2013.lnk
[2013.01.27 10:53:25 | 000,003,015 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\Word 2013.lnk
[2013.01.27 10:29:47 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013.01.26 21:37:20 | 000,151,773 | ---- | C] () -- C:\Users\Public\Documents\U11MK_U14BLMMK_Bruck_2012_Ergebnisse_Aussendung1.mht
[2013.01.20 18:45:25 | 000,000,462 | ---- | C] () -- C:\Users\ADMIN Martin\Corel.rar
[2013.01.20 18:44:38 | 000,001,402 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.20 15:15:02 | 000,003,524 | ---- | C] () -- C:\Users\ADMIN Martin\Documents\SVCD1.nsd
[2013.01.20 15:05:32 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.20 15:05:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.01.20 15:05:28 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2013.01.20 15:05:26 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.01.20 15:05:25 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.01.20 15:05:23 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.01.09 19:02:46 | 000,000,184 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\rssbuilder.ftpconfig
[2013.01.09 19:01:20 | 000,000,123 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\rssbuilder.config
[2012.09.11 20:32:12 | 000,005,632 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.15 12:19:27 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.25 15:54:02 | 000,000,194 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Roaming\default.pls
[2010.01.04 09:31:03 | 000,001,024 | ---- | C] () -- C:\Users\ADMIN Martin\.rnd
[2009.12.03 17:11:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.02 13:59:11 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2009.12.01 15:02:25 | 000,000,000 | -HSD | M] -- C:\Users\ADMIN Martin\AppData\Roaming\.#
[2013.02.13 19:04:15 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Anvsoft
[2013.02.09 18:15:55 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Babylon
[2012.08.15 22:55:52 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.09 18:16:21 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Delta
[2013.01.21 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\DVDVideoSoft
[2011.10.10 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.28 12:49:54 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Eltima Software
[2013.01.04 15:08:23 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\FileZilla
[2010.09.24 10:54:06 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Ge org Internet Manager
[2013.01.04 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\GlobalSCAPE
[2013.02.15 17:09:23 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\IN-MEDIAKG
[2013.01.04 15:01:31 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\kompozer.net
[2013.02.15 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\OCS
[2013.01.04 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\OpenCandy
[2013.02.15 17:19:48 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Opera
[2012.11.23 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Origin
[2013.02.12 15:18:48 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Pegasus Mail
[2012.09.18 18:08:23 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Program Files (x86)
[2013.02.15 18:06:16 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\QuickScan
[2012.09.19 05:57:37 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\tele.ring Verbindungsmanager
[2013.02.12 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Thunderbird
[2012.12.18 10:22:19 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\TS3Client
[2013.01.04 15:35:57 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\TuneUp Software
[2013.02.15 19:00:38 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\uTorrent
[2013.01.20 15:06:19 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Video DVD Maker FREE
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009.12.01 15:30:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.12.01 16:27:54 | 000,000,000 | ---D | M] -- C:\Click to Disc
[2011.10.15 13:17:49 | 000,000,000 | ---D | M] -- C:\divx
[2009.09.07 06:07:08 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.01 11:09:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.12.05 13:09:58 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.12 15:18:36 | 000,000,000 | ---D | M] -- C:\PMAIL
[2013.02.14 20:48:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.15 18:13:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.15 18:13:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.01 11:09:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.09.07 05:35:42 | 000,000,000 | -H-D | M] -- C:\SPLASH.000
[2009.09.07 05:35:34 | 000,000,000 | -H-D | M] -- C:\SPLASH.SYS
[2013.02.15 18:52:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.27 11:00:12 | 000,000,000 | ---D | M] -- C:\Update
[2009.12.01 11:09:40 | 000,000,000 | R--D | M] -- C:\Users
[2009.12.01 14:45:07 | 000,000,000 | ---D | M] -- C:\VAIO Entertainment
[2013.01.20 15:06:19 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2012.12.09 10:57:49 | 000,000,000 | ---D | M] -- C:\wamp
[2013.02.14 21:04:10 | 000,000,000 | ---D | M] -- C:\Windows
[2009.09.07 06:07:08 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.31 05:02:11 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< MD5 for: AGP440.SYS >
[2008.12.10 15:36:09 | 017,815,374 | ---- | M] () .cab file -- C:\Users\ADMIN Martin\Desktop\Software\WIN XP\I386\sp3.cab:AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.12.10 15:36:09 | 017,815,374 | ---- | M] () .cab file -- C:\Users\ADMIN Martin\Desktop\Software\WIN XP\I386\sp3.cab:atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2010.01.06 11:26:57 | 000,001,024 | ---- | M] () -- C:\Users\ADMIN Martin\.rnd
[2013.01.20 18:45:25 | 000,000,462 | ---- | M] () -- C:\Users\ADMIN Martin\Corel.rar
[2013.02.15 19:18:35 | 005,242,880 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat
[2013.02.15 19:18:35 | 000,262,144 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat.LOG1
[2009.12.01 11:09:42 | 000,000,000 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat.LOG2
[2009.12.01 13:20:13 | 000,065,536 | -HS- | M] () -- C:\Users\ADMIN Martin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.01 13:20:13 | 000,524,288 | -HS- | M] () -- C:\Users\ADMIN Martin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.01 13:20:13 | 000,524,288 | -HS- | M] () -- C:\Users\ADMIN Martin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.06.19 11:50:20 | 000,065,536 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat{5ee0356b-9a61-11e0-bbc4-0024d610728a}.TM.blf
[2011.06.19 11:50:20 | 000,524,288 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat{5ee0356b-9a61-11e0-bbc4-0024d610728a}.TMContainer00000000000000000001.regtrans-ms
[2011.06.19 11:50:20 | 000,524,288 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat{5ee0356b-9a61-11e0-bbc4-0024d610728a}.TMContainer00000000000000000002.regtrans-ms
[2009.12.01 11:09:43 | 000,000,020 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< Schliesse bitte nun alle Programme >
========== Alternate Data Streams ==========
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DED17083
< End of report >
--- --- --- |
TDSSKiller.exe und speichere diese Datei auf dem Desktop