"Achtung aus Sicherheitsgründen..."
 

Hallo,
beim surfen trat bei mir plötzlich die Fehlermeldung "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
Ich sehe ein schwarzen Bildschirm mit diesem Text. Dann geht nichts mehr.
Mit Strg+Alt+Entf komme ich allerdings ins Menü un kann runterfahren.
Bei ausgeschaltetem Internet tritt keine Fehlermeldung auf. Internet Explorer funzt eine Weile, Firefox zeigt direkt diese Meldung an. Avira hat beim ersten Durchlauf nichts gefunden.
Ich verwende Windows 7. Ich hoffe ihr könnt mir helfen.

hi,
starte mal neu, drücke f8 wähle abgesicherter modus mit netzwerk, da kannst du problemlos im internet arbeiten, normalerweise.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die
  OTL.exe
  .
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
  Textbox.

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere
  nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to the VAIO portal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Sony | MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Sony | MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: c:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.01 17:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.01.22 10:14:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.17 22:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.01.17 15:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's\AppData\Roaming\mozilla\Extensions
[2012.01.30 15:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's\AppData\Roaming\mozilla\Firefox\Profiles\tcz719vp.default\extensions
[2012.01.17 16:40:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\David's\AppData\Roaming\mozilla\Firefox\Profiles\tcz719vp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.17 16:46:53 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\David's\AppData\Roaming\mozilla\Firefox\Profiles\tcz719vp.default\extensions\ffxtlbr@Facemoods.com
[2012.01.17 15:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DAVID'S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TCZ719VP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DAVID'S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TCZ719VP.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.17 16:46:54 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120121020136.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120121020136.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Mozilla client] C:\Users\David's\AppData\Local\Mozilla\Firefox\firefox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\David's\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\David's\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - c:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - c:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9887A309-98B9-4036-BBE9-6A8C53D803DC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA71CFF1-C8DF-4C0C-A7BA-8B31F41FCAEC}: DhcpNameServer = 62.25.0.10 62.25.0.66
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.02.02 15:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.02.01 22:01:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\David's\Desktop\OTL.exe
[2012.02.01 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Diagnostics
[2012.01.31 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\David's\.thumbnails
[2012.01.29 15:16:14 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Programs
[2012.01.29 15:15:12 | 000,000,000 | ---D | C] -- C:\Users\David's\Documents\WebCam Media
[2012.01.29 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\ArcSoft
[2012.01.29 15:13:27 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\ArcSoft
[2012.01.27 19:29:12 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\HP
[2012.01.27 19:27:16 | 000,000,000 | ---D | C] -- C:\Users\David's\Documents\My Scans
[2012.01.27 19:20:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HP
[2012.01.27 19:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.01.27 19:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012.01.27 19:18:28 | 000,276,480 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpcc3093.DLL
[2012.01.27 19:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.01.27 19:14:02 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.01.27 19:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.01.27 19:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2012.01.27 19:10:59 | 000,000,000 | ---D | C] -- C:\CM1312_Full_Solution_Win7_5_1_AM-EMEA1
[2012.01.27 17:59:49 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.01.27 17:59:49 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.01.25 22:46:11 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Adobe
[2012.01.22 11:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.01.19 22:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.01.19 22:20:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.01.19 19:03:27 | 000,000,000 | ---D | C] -- C:\Users\David's\Desktop\.minecraft
[2012.01.18 20:23:28 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\.minecraft
[2012.01.18 17:44:34 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\gtk-2.0
[2012.01.18 17:42:01 | 000,000,000 | ---D | C] -- C:\Users\David's\.gimp-2.6
[2012.01.18 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\David's\Documents\gegl-0.0
[2012.01.17 17:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.01.17 16:56:36 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.01.17 16:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.01.17 16:54:15 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Avira
[2012.01.17 16:53:25 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Apple Computer
[2012.01.17 16:53:25 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Apple Computer
[2012.01.17 16:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.17 16:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.01.17 16:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.17 16:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.01.17 16:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.17 16:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.01.17 16:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.01.17 16:50:31 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Apple
[2012.01.17 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.01.17 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.01.17 16:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.17 16:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.01.17 16:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.01.17 16:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.01.17 16:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.17 16:48:55 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.01.17 16:48:55 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.01.17 16:48:55 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.01.17 16:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.17 16:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.01.17 16:47:42 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2012.01.17 16:47:41 | 000,000,000 | ---D | C] -- C:\Users\David's\Documents\VirtualDJ
[2012.01.17 16:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012.01.17 16:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012.01.17 16:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2012.01.17 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2012.01.17 16:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.01.17 16:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.01.17 16:45:01 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Google
[2012.01.17 16:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.01.17 16:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.17 16:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.17 16:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.01.17 16:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012.01.17 16:40:53 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.17 16:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.01.17 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\David's\Documents\DVDVideoSoft
[2012.01.17 16:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.01.17 16:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.01.17 16:39:44 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\ICQ
[2012.01.17 16:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[2012.01.17 16:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.01.17 16:36:27 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\WinRAR
[2012.01.17 16:36:27 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.17 16:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.17 16:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.01.17 15:43:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2012.01.17 15:43:05 | 000,000,000 | ---D | C] -- C:\Users\David's\Documents\Sony PMB
[2012.01.17 15:42:44 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\NVIDIA
[2012.01.17 15:40:47 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Microsoft Help
[2012.01.17 15:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.01.17 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\SoftGrid Client
[2012.01.17 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\SoftGrid Client
[2012.01.17 15:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.01.17 15:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.01.17 15:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.01.17 15:38:22 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\TP
[2012.01.17 15:29:23 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Mozilla
[2012.01.17 15:29:23 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Mozilla
[2012.01.17 15:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.01.17 14:48:07 | 000,000,000 | ---D | C] -- C:\Update
[2012.01.17 14:41:20 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Adobe
[2012.01.17 14:38:22 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Sony Corporation
[2012.01.17 14:37:26 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Intel Corporation
[2012.01.17 14:37:26 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\BMExplorer
[2012.01.17 14:37:26 | 000,000,000 | ---D | C] -- C:\Users\David's\Documents\Bluetooth Folder
[2012.01.17 14:37:19 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Atheros
[2012.01.17 14:37:02 | 000,000,000 | R--D | C] -- C:\Users\David's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.01.17 14:37:02 | 000,000,000 | R--D | C] -- C:\Users\David's\Searches
[2012.01.17 14:37:02 | 000,000,000 | R--D | C] -- C:\Users\David's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.01.17 14:36:53 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Identities
[2012.01.17 14:36:50 | 000,000,000 | R--D | C] -- C:\Users\David's\Contacts
[2012.01.17 14:36:48 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\VirtualStore
[2012.01.17 14:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool
[2012.01.17 14:33:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.01.17 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Sony Corporation
[2012.01.17 14:33:17 | 000,000,000 | --SD | C] -- C:\Users\David's\AppData\Roaming\Microsoft
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Videos
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Saved Games
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Pictures
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Music
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Links
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Favorites
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Downloads
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Documents
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\Desktop
[2012.01.17 14:33:17 | 000,000,000 | R--D | C] -- C:\Users\David's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Vorlagen
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\AppData\Local\Verlauf
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\AppData\Local\Temporary Internet Files
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Startmenü
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\SendTo
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Recent
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Netzwerkumgebung
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Lokale Einstellungen
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Documents\Eigene Videos
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Documents\Eigene Musik
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Eigene Dateien
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Documents\Eigene Bilder
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Druckumgebung
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Cookies
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\AppData\Local\Anwendungsdaten
[2012.01.17 14:33:17 | 000,000,000 | -HSD | C] -- C:\Users\David's\Anwendungsdaten
[2012.01.17 14:33:17 | 000,000,000 | -H-D | C] -- C:\Users\David's\AppData
[2012.01.17 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Temp
[2012.01.17 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Local\Microsoft
[2012.01.17 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Media Center Programs
[2012.01.17 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\David's\AppData\Roaming\Macromedia
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.01.17 14:33:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.01.10 18:04:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.01.10 16:41:29 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\winrm
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\winrm
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WCN
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sysprep
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\slmgr
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Printing_Admin_Scripts
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF\de-DE
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2012.01.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2012.01.10 16:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WCN
[2012.01.10 16:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\slmgr
[2012.01.10 16:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Printing_Admin_Scripts
[2012.01.10 16:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2012.01.10 16:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2012.01.10 16:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2012.01.10 16:40:17 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2012.01.10 16:40:17 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2012.01.10 16:40:14 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2012.01.10 16:40:14 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2012.01.10 08:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.01.10 08:52:02 | 000,000,000 | ---D | C] -- C:\VAIO Sample Contents
[2012.01.10 08:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.01.10 08:42:24 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.01.10 08:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.01.10 08:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.01.10 08:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.01.10 08:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nascom
[2012.01.10 08:41:30 | 097,167,020 | ---- | C] (Axialis Software) -- C:\Windows\SysNative\VAIO Hero Screensaver - Summer 2011.scr
[2012.01.10 08:38:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayStation Extras
[2012.01.10 08:38:40 | 000,000,000 | -H-D | C] -- C:\SPLASH.000
[2012.01.10 08:38:26 | 000,000,000 | -H-D | C] -- C:\SPLASH.SYS
[2012.01.10 08:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2012.01.10 08:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.01.10 08:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB
[2012.01.10 08:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.01.10 08:21:08 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2012.01.10 08:21:07 | 000,055,808 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System\ArcSoftKsUFilter.dll
[2012.01.10 08:21:07 | 000,019,968 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys
[2012.01.10 08:20:38 | 000,014,112 | ---- | C] (InterVideo) -- C:\Windows\SysNative\drivers\regi.sys
[2012.01.10 08:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
[2012.01.10 08:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InterVideo
[2012.01.10 08:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012.01.10 08:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.01.10 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012.01.10 08:19:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\ArcSoft
[2012.01.10 08:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Webcam Suite
[2012.01.10 08:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012.01.10 08:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.01.10 08:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.01.10 08:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.01.10 08:17:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.01.10 08:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.01.10 08:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.01.10 08:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.01.10 08:15:52 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.01.10 08:14:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.01.10 08:14:27 | 000,000,000 | ---D | C] -- C:\Windows\uk
[2012.01.10 08:14:23 | 000,000,000 | ---D | C] -- C:\Windows\tr
[2012.01.10 08:14:19 | 000,000,000 | ---D | C] -- C:\Windows\sv
[2012.01.10 08:14:15 | 000,000,000 | ---D | C] -- C:\Windows\sk
[2012.01.10 08:14:12 | 000,000,000 | ---D | C] -- C:\Windows\ru
[2012.01.10 08:14:08 | 000,000,000 | ---D | C] -- C:\Windows\ro
[2012.01.10 08:14:04 | 000,000,000 | ---D | C] -- C:\Windows\pt-pt
[2012.01.10 08:14:00 | 000,000,000 | ---D | C] -- C:\Windows\pl
[2012.01.10 08:13:56 | 000,000,000 | ---D | C] -- C:\Windows\no
[2012.01.10 08:13:52 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.01.10 08:13:49 | 000,000,000 | ---D | C] -- C:\Windows\hu
[2012.01.10 08:13:45 | 000,000,000 | ---D | C] -- C:\Windows\el
[2012.01.10 08:13:41 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.01.10 08:13:37 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.01.10 08:13:33 | 000,000,000 | ---D | C] -- C:\Windows\fi
[2012.01.10 08:13:29 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.01.10 08:13:26 | 000,000,000 | ---D | C] -- C:\Windows\da
[2012.01.10 08:13:22 | 000,000,000 | ---D | C] -- C:\Windows\cs
[2012.01.10 08:13:18 | 000,000,000 | ---D | C] -- C:\Windows\bg
[2012.01.10 08:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.10 08:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.01.10 08:08:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.10 08:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.01.10 08:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.01.10 08:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.10 08:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.01.10 08:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.01.10 08:05:31 | 000,000,000 | ---D | C] -- C:\temp
[2012.01.10 08:05:12 | 000,000,000 | ---D | C] -- C:\_FS_SWRINFO
[2012.01.10 08:05:11 | 000,000,000 | ---D | C] -- C:\Documentation
[2012.01.10 08:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012.01.10 08:04:26 | 000,000,000 | ---D | C] -- C:\Windows\Sonysys
[2012.01.10 08:03:14 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012.01.10 08:03:10 | 000,161,168 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012.01.10 08:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mcafee.com
[2012.01.10 08:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\mcafee
[2012.01.10 08:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mcafee
[2012.01.10 08:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\mcafee.com
[2012.01.10 08:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\mcafee
[2012.01.10 08:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012.01.10 08:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.01.10 08:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.01.10 08:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.01.10 08:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.01.10 08:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.10 08:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2012.01.10 08:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2012.01.10 08:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.01.10 08:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.01.10 07:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2012.01.10 07:59:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2012.01.10 07:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.01.10 07:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.01.10 07:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.01.10 07:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.01.10 07:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.01.10 07:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.01.10 07:55:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2012.01.10 07:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2012.01.10 07:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2012.01.10 07:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012.01.10 07:53:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.01.10 07:53:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.01.10 07:51:27 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.01.10 07:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.01.10 07:51:25 | 000,000,000 | ---D | C] -- C:\Intel
[2012.01.10 07:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.02 15:41:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.02 15:41:46 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.02 15:40:48 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 15:40:48 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 15:40:05 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.02 15:40:05 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.02 15:40:05 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.02 15:40:05 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.02 15:40:05 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.01 22:17:15 | 018,829,760 | ---- | M] () -- C:\Users\David's\Desktop\TuneUpUtilities2012_de-DE.exe.fa3h0c6.partial
[2012.02.01 22:01:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\David's\Desktop\OTL.exe
[2012.01.31 15:47:02 | 000,045,779 | ---- | M] () -- C:\Users\David's\Desktop\bosse.jpg
[2012.01.31 15:47:02 | 000,003,494 | ---- | M] () -- C:\Users\David's\.recently-used.xbel
[2012.01.30 19:16:41 | 000,392,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.27 19:22:53 | 000,199,151 | ---- | M] () -- C:\Windows\hppins11.dat
[2012.01.27 19:20:56 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.27 19:20:31 | 000,000,608 | -HS- | M] () -- C:\Windows\SysNative\winzvprt5.sys
[2012.01.27 19:20:31 | 000,000,234 | ---- | M] () -- C:\Windows\SysNative\hppfaxprinter5.ini
[2012.01.27 19:16:50 | 000,000,169 | ---- | M] () -- C:\Windows\SysNative\AddPort.ini
[2012.01.27 19:16:22 | 000,000,834 | ---- | M] () -- C:\Windows\hpntwksetup.ini
[2012.01.18 20:49:46 | 001,259,046 | ---- | M] () -- C:\Users\David's\Desktop\mcpatcher-2.3.1.exe
[2012.01.18 17:33:58 | 001,641,654 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.17 16:53:21 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.17 15:29:16 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.17 15:01:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.01.17 14:36:46 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCEH2C5E.mrk
[2012.01.17 14:36:46 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCEH2C5E.mrk
[2012.01.17 14:30:50 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.01.17 14:30:50 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.01.10 18:03:45 | 000,000,725 | ---- | M] () -- C:\Windows\SysNative\snyinst.oem
[2012.01.10 16:40:57 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2012.01.10 16:40:57 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2012.01.10 16:40:17 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2012.01.10 16:40:17 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2012.01.10 16:40:14 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2012.01.10 16:40:14 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2012.01.10 08:52:31 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl
[2012.01.10 08:41:31 | 097,167,020 | ---- | M] (Axialis Software) -- C:\Windows\SysNative\VAIO Hero Screensaver - Summer 2011.scr
[2012.01.10 08:38:41 | 000,000,087 | -H-- | M] () -- C:\splash.idx
[2012.01.10 08:21:06 | 000,000,040 | -H-- | M] () -- C:\Windows\SysNative\ivireg.ivr
[2012.01.10 07:59:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012.01.10 07:57:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2012.01.10 07:56:02 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin
[2012.01.10 07:56:02 | 000,001,274 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26.dfu
[2012.01.10 07:56:02 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
[2012.01.10 07:56:02 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40.dfu
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.01 22:16:30 | 018,829,760 | ---- | C] () -- C:\Users\David's\Desktop\TuneUpUtilities2012_de-DE.exe.fa3h0c6.partial
[2012.01.31 15:47:02 | 000,003,494 | ---- | C] () -- C:\Users\David's\.recently-used.xbel
[2012.01.31 15:47:01 | 000,045,779 | ---- | C] () -- C:\Users\David's\Desktop\bosse.jpg
[2012.01.27 19:20:56 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.27 19:20:31 | 000,000,608 | -HS- | C] () -- C:\Windows\SysNative\winzvprt5.sys
[2012.01.27 19:20:31 | 000,000,234 | ---- | C] () -- C:\Windows\SysNative\hppfaxprinter5.ini
[2012.01.27 19:16:50 | 000,000,169 | ---- | C] () -- C:\Windows\SysNative\AddPort.ini
[2012.01.27 19:15:23 | 000,000,834 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012.01.27 19:13:11 | 000,199,151 | ---- | C] () -- C:\Windows\hppins11.dat
[2012.01.27 19:13:11 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat
[2012.01.27 19:11:40 | 000,003,212 | ---- | C] () -- C:\Windows\SysNative\hppls1312.spf
[2012.01.27 19:11:37 | 000,000,665 | ---- | C] () -- C:\Windows\SysNative\hppapr11.dat
[2012.01.18 21:10:14 | 000,139,783 | ---- | C] () -- C:\Users\David's\Desktop\MinecraftSP.jar
[2012.01.18 20:49:00 | 001,259,046 | ---- | C] () -- C:\Users\David's\Desktop\mcpatcher-2.3.1.exe
[2012.01.17 16:53:21 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.17 16:50:29 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.01.17 16:46:30 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.01.17 16:46:30 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.01.17 16:46:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.01.17 16:37:38 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.01.17 15:43:31 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2012.01.17 15:29:16 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.17 15:29:16 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.17 15:01:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.01.17 14:37:10 | 000,001,409 | ---- | C] () -- C:\Users\David's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.01.17 14:37:06 | 000,001,443 | ---- | C] () -- C:\Users\David's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.01.17 14:36:46 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCEH2C5E.mrk
[2012.01.17 14:36:46 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCEH2C5E.mrk
[2012.01.17 14:36:22 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited powered by Qriocity.lnk
[2012.01.17 14:26:38 | 3206,959,104 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.10 16:41:55 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2012.01.10 16:41:53 | 000,697,322 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.10 16:41:53 | 000,148,328 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.10 16:41:53 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2012.01.10 08:52:35 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Smart Network.lnk
[2012.01.10 08:52:17 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl
[2012.01.10 08:52:12 | 000,001,275 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk
[2012.01.10 08:49:26 | 000,002,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2012.01.10 08:42:34 | 000,002,679 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Easy Connect.lnk
[2012.01.10 08:42:30 | 000,002,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2012.01.10 08:38:56 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Keyboard.lnk
[2012.01.10 08:28:31 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2012.01.10 08:26:35 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012.01.10 08:22:57 | 000,001,303 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk
[2012.01.10 08:20:39 | 000,000,040 | -H-- | C] () -- C:\Windows\SysNative\ivireg.ivr
[2012.01.10 08:18:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.10 08:13:14 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.01.10 08:13:06 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.01.10 08:11:39 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.01.10 08:09:32 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.01.10 08:05:26 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012.01.10 08:05:12 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
[2012.01.10 08:04:51 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012.01.10 07:59:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012.01.10 07:59:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.01.10 07:57:59 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.01.10 07:57:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2012.01.10 07:46:48 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.01.10 07:46:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.02.11 00:03:27 | 001,641,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012.02.01 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\David's\AppData\Roaming\.minecraft
[2012.01.17 16:40:53 | 000,000,000 | ---D | M] -- C:\Users\David's\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.31 15:47:02 | 000,000,000 | ---D | M] -- C:\Users\David's\AppData\Roaming\gtk-2.0
[2012.01.18 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\David's\AppData\Roaming\ICQ
[2012.01.27 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\David's\AppData\Roaming\SoftGrid Client
[2012.01.17 15:39:33 | 000,000,000 | ---D | M] -- C:\Users\David's\AppData\Roaming\TP
[2009.07.14 06:08:49 | 000,007,930 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2012.01.24 18:23:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.27 19:12:54 | 000,000,000 | ---D | M] -- C:\CM1312_Full_Solution_Win7_5_1_AM-EMEA1
[2012.01.27 19:31:06 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2012.01.27 17:57:30 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.17 14:33:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.10 07:51:25 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.19 22:24:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.27 19:14:03 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.27 19:18:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.17 14:33:04 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.10 08:38:41 | 000,000,000 | -H-D | M] -- C:\SPLASH.000
[2012.01.10 08:38:27 | 000,000,000 | -H-D | M] -- C:\SPLASH.SYS
[2012.02.01 21:54:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.10 08:51:48 | 000,000,000 | ---D | M] -- C:\temp
[2012.01.30 19:18:59 | 000,000,000 | ---D | M] -- C:\Update
[2012.01.17 14:33:11 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.10 08:52:05 | 000,000,000 | ---D | M] -- C:\VAIO Sample Contents
[2012.02.01 21:18:00 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.10 08:05:12 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011.07.13 02:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.07.13 02:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.07.13 02:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.07.13 02:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.07.13 02:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.07.13 02:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IASTOR.SYS >
[2011.08.25 03:17:36 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.08.25 03:17:36 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
[2011.08.25 03:17:36 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_5b314ccea0aa569d\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.01.31 15:47:02 | 000,003,494 | ---- | M] () -- C:\Users\David's\.recently-used.xbel
[2012.02.02 16:20:10 | 001,310,720 | -HS- | M] () -- C:\Users\David's\NTUSER.DAT
[2012.02.02 16:20:10 | 000,262,144 | -HS- | M] () -- C:\Users\David's\ntuser.dat.LOG1
[2012.01.17 14:33:17 | 000,000,000 | -HS- | M] () -- C:\Users\David's\ntuser.dat.LOG2
[2012.01.17 15:31:43 | 000,065,536 | -HS- | M] () -- C:\Users\David's\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.01.17 15:31:43 | 000,524,288 | -HS- | M] () -- C:\Users\David's\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.01.17 15:31:43 | 000,524,288 | -HS- | M] () -- C:\Users\David's\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.01.17 14:33:17 | 000,000,020 | -HS- | M] () -- C:\Users\David's\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

OTL EXTRAS Logfile:
--- --- ---

hi


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.





• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.

• Öffne dein Systemlaufwerk ( meistens C: )
• Suche nun
  folgenden Ordner: _OTL und öffne diesen.
• Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
• 
  Dies wird eine Movedfiles.zip Datei in _OTL erstellen
• Lade diese bitte in unseren Uploadchannel
  hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla client deleted successfully.
C:\Users\David's\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: David's
->Flash cache emptied: 60019 bytes

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: David's
->Temp folder emptied: 115516411 bytes
->Temporary Internet Files folder emptied: 42136859 bytes
->Java cache emptied: 67314 bytes
->FireFox cache emptied: 1106540306 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52845308 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 74344 bytes
RecycleBin emptied: 536115668 bytes

Total Files Cleaned = 1.767,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02022012_201909

Files\Folders moved on Reboot...
C:\Users\David's\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Upload des OTL Zip ordners hat einwandfrei geklappt

man dankt.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

• Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
  Tool
  
  Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  
• Hinweis:
  Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  
• Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Combofix Logfile:
--- --- ---

Allerding kam bei Combofix zwischen jeder einzelnen Stufe derAnalyse die Meldung "Nirkmd konnte nicht gefunden werden"
Hat das eine Bedeutung?

hi, hat aber trotzdem geklappt, und sieht gut aus :-)
malwarebytes:
Downloade Dir bitte Malwarebytes

• Installiere
  das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche
  nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet
  ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste
  das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.02.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David's :: DAVIDS-VAIO [Administrator]

Schutz: Aktiviert

03.02.2012 17:57:39
mbam-log-2012-02-03 (17-57-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 312701
Laufzeit: 43 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

"Ergebnisse Anzeigen" und "Entferne Auswahl" ging nicht. Das Textfenster hat sich sofort geöffnet :)

ja passt so, gab ja keine funde, deshalb nichts zu entfernen
malwarebytes:
Downloade Dir bitte Malwarebytes

• Installiere
  das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche
  nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet
  ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste
  das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.