Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   BKA-Virus - abgesicherter Modus funktioniert nicht; Wiederherstellungspunkt nicht vorhanden (https://www.trojaner-board.de/119550-bka-virus-abgesicherter-modus-funktioniert-wiederherstellungspunkt-vorhanden.html)

Tivena 15.07.2012 13:38
BKA-Virus - abgesicherter Modus funktioniert nicht; Wiederherstellungspunkt nicht vorhanden
 
Hallo zusammen,

Ich habe mir gestern einen dieser BKA-Viren eingefangen und bin nun total verzweifelt, denn ich sitze seit heute morgen um 1 vor dem Rechner und nichts, was ich gegoogelt und versucht habe, funktioniert. Deswegen hoffe ich inständig, dass mir hier jemand helfen kann.

Der abgesicherte Modus lässt sich nicht ausführen; es kommt eine Meldung von meinem Monitor "Modus wird nicht unterstützt". (Selbiges Problem tritt seit einiger Zeit auch bei einem PC-Spiel auf, lässt sich also ebenfalls nicht starten)
Ebenso wenig ist ein Wiederherstellungspunkt vorhanden, obwohl ich sicher weiß, dass schon mal einer da war.
Beim Versuch, einen neuen Wiederherstellungspunkt zu setzen, kommt die Meldung:
"Der Wiederherstellungspunkt konnte aus folgendem Grund nicht erstellt werden:
Unerwarteter Fehler beim Schattenkopieanbieter, bei dem Versuch, den angegebenen Vorgang zu verarbeiten. (0x8004230F)
Wiederholen sie den Vorgang"

ich habe Vista 64 Bit, Antivir hat nur "ADSPY/Webhancer.A.63" gefunden. Unverständlicherweise auf einer gekauften Spiele-CD...
Das bildschirmfüllende Pop-Up tritt nur meinem den Benutzerkonto auf, andere Benutzerkonten laufen wie bisher.
Keine Fehlermeldung von Defogger.
Hier die OTL.Txt:



Zitat:
OTL logfile created on: 15.07.2012 14:30:07 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ruder\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,93 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,49% Memory free
16,06 Gb Paging File | 14,03 Gb Available in Paging File | 87,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,43 Gb Total Space | 523,58 Gb Free Space | 57,13% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 7,72 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
Drive J: | 495,98 Mb Total Space | 244,18 Mb Free Space | 49,23% Space Free | Partition Type: FAT32

Computer Name: RUDER-PC | User Name: Ruder | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.15 14:21:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ruder\Downloads\OTL.exe
PRC - [2012.06.16 16:32:54 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.08 12:00:33 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 12:00:33 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 12:00:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.16 16:32:54 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.12.08 20:28:04 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.03.22 11:13:34 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.06.26 09:11:14 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_f86438be\STacSV64.exe -- (STacSV)
SRV - [2012.07.12 09:12:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 19:41:59 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.06.19 18:04:36 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.16 16:32:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 12:00:33 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 12:00:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.08 20:33:34 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.08 20:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.09.08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.06.23 11:04:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.16 21:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 12:00:34 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 12:00:34 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011.03.22 11:14:57 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2011.03.22 11:14:57 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.03.22 11:14:57 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.22 11:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.10.20 07:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.09.17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009.06.25 16:08:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.06.25 16:08:38 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.03.12 15:39:10 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009.01.19 11:46:18 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2009.01.19 11:43:44 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.09.25 11:42:16 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008.09.25 11:42:10 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008.06.30 07:50:26 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008.06.26 09:11:24 | 000,457,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007.10.16 10:01:50 | 000,214,016 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\TridVid.sys -- (TridVid)
DRV:64bit: - [2006.12.08 14:58:34 | 012,298,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2010.08.19 22:08:04 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.11.05 01:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm033BBde&ptnrS=GRxdm033BBde&si=4514848&ptb=BE561858-A730-4A1F-856B-A5EEA65351F1&ind=2012062104&n=77eda198&psa=&st=sb&searchfor={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IENOSGTB
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Celebrity Toolbar\tbu06500\tbhelper.dll ()
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\URLSearchHook: {8040829d-1177-46e2-9157-8282438b79c7} - No CLSID value found
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes,DefaultScope = {3325C92E-5963-4A8F-92C7-1C54845EB146}
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=119999&babsrc=SP_ss&mntrId=c092122a00000000000000242c75421a
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{2C969951-2D11-4241-885A-45EB4F6C1A76}: "URL" = hxxp://kanicq.ru/invisible/de/{searchTerms}
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{3325C92E-5963-4A8F-92C7-1C54845EB146}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=&aq=f&oq=&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{3F4AADDD-6656-4C51-8442-7CD9C2F5A720}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=04363607-CC8F-49C2-8E16-CDCE5E1191D4&apn_sauid=AB58DE99-A47F-4F0A-9083-C7271157BDF7
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm033BBde&ptnrS=GRxdm033BBde&si=4514848&ptb=BE561858-A730-4A1F-856B-A5EEA65351F1&ind=2012062104&n=77eda198&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{F3488FD0-161B-4EEC-B5A5-B779CBB34A1A}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\SearchScopes\{F5B8A3DB-4D71-4009-B036-43D155AACFE7}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.wetter.de/wettervorhersage/49-8616-94/wetter-regen.html"
FF - prefs.js..extensions.enabledItems: clipple@mooz.github.com:0.0.7
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.5
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.3.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=119999&babsrc=adbartrp&mntrId=c092122a00000000000000242c75421a&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files (x86)\Common Files\fluxDVD\APIX\NPAPIX.dll File not found
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files (x86)\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyWebFace_5a.com/Plugin: C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\NP5aStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPWMDRMWrapper: C:\Program Files (x86)\Common Files\mpDRM\NPWMDRMWrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BS Contact: C:\Users\Ruder\AppData\Local\Bitmanagement Software\BS Contact\x64\npBSContact.dll File not found
FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: C:\Users\Ruder\AppData\Local\Bitmanagement Software\BS Contact\x64\npBSVersion_6.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Ruder\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\Mozilla [2010.02.28 00:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.10 16:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.10 16:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5affxtbr@MyWebFace_5a.com: C:\Program Files (x86)\MyWebFace_5a\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 16:32:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.24 13:09:44 | 000,000,000 | ---D | M]

[2010.10.15 09:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruder\AppData\Roaming\mozilla\Extensions
[2010.01.28 23:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruder\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.15 09:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruder\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.07.15 13:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions
[2012.07.15 13:17:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.29 16:50:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.21 19:46:51 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.02.14 21:06:00 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012.05.29 16:50:18 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions\bbrs_002@blabbers.com
[2011.01.16 18:57:22 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.07.03 21:12:15 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions\firefox@ghostery.com
[2012.01.07 18:39:28 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Users\Ruder\AppData\Roaming\mozilla\Firefox\Profiles\aro2sam5.default\extensions\jid1-uabu5A9hduqzCw@jetpack
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\askcom.xml
[2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\conduit.xml
[2011.09.02 17:09:00 | 000,005,212 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\ecosia.xml
[2012.07.08 17:20:46 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-1.xml
[2011.02.18 18:45:02 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-10.xml
[2010.10.29 00:19:38 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-11.xml
[2010.12.10 19:46:05 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-12.xml
[2011.03.05 10:51:56 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-13.xml
[2011.03.24 00:02:59 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-14.xml
[2011.04.05 18:02:00 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-15.xml
[2010.03.25 10:20:52 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-2.xml
[2010.04.03 08:43:26 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-3.xml
[2010.04.04 18:24:37 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-4.xml
[2010.06.24 17:52:11 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-5.xml
[2010.07.21 22:28:22 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-6.xml
[2010.07.23 15:06:42 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-7.xml
[2010.07.25 20:42:59 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-8.xml
[2010.09.16 19:22:46 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin.xml
[2011.02.18 18:43:54 | 000,003,915 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\sweetim.xml
[2012.04.26 09:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.24 21:22:40 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.04 10:38:02 | 000,439,720 | ---- | M] () (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2011.08.17 23:31:11 | 000,050,631 | ---- | M] () (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\{54BB9F3F-07E5-486C-9B39-C7398B99391C}.XPI
[2012.06.19 11:52:55 | 000,344,664 | ---- | M] () (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2011.05.07 10:46:46 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011.05.07 11:04:22 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012.06.16 16:32:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.05 10:58:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.07 21:09:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.19 16:20:53 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.07 21:09:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.07 21:09:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 21:09:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 21:09:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 21:09:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - Extension: DivX HiQ = C:\Users\Ruder\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ruder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Search Assistant BHO) - {14d02517-c8be-4735-a344-3c8366c77aa0} - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5aSrcAs.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {b1df253a-9e7a-480d-b6a5-7a435b520dbb} - C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abar.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyWebFace) - {af94b35c-3ac5-4030-9f9c-15fb4e3dc339} - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\..\Toolbar\WebBrowser: (MyWebFace) - {AF94B35C-3AC5-4030-9F9C-15FB4E3DC339} - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abar.dll File not found
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BambooScribeAutoStart.vbe] C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe ()
O4 - HKLM..\Run: [MyWebFace Search Scope Monitor] "C:\PROGRA~2\MYWEBF~2\bar\1.bin\5asrchmn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [MyWebFace_5a Browser Plugin Loader] C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abrmon.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000..\Run: [BambooScribe.exe] C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe ()
O4 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2039111628-1905848296-3570834737-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Macromedia Shockwave Director Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://arcww.vo.llnwd.net/o37/seekr/MCD/Plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA62E1F2-F220-42FD-AA2A-756242E0A969}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\mhtb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\mhtb - No CLSID value found
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (ddefix.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O24 - Desktop WallPaper: C:\Users\Ruder\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ruder\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\dsc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\earthview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpqdirec.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpqssupply.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpqwrg.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hprbui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpzscr40.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mshaktuell.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\regipe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setdlc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tomtomhome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall tomtom home.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wiso2011.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wisohilfe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.20 12:32:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{597b92d0-5c49-11de-86ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{597b92d0-5c49-11de-86ea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.15 12:51:34 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\sardu
[2012.07.15 12:33:14 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\Kaspersky
[2012.07.15 12:30:32 | 000,409,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ruder\Desktop\rescue2usb.exe
[2012.07.15 10:02:29 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Local\MigWiz
[2012.07.15 04:04:36 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\DCIM
[2012.07.13 23:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\Kindergeschichten
[2012.07.05 12:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireFly Studios
[2012.07.02 11:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Documents\MeinSPORE-Kreationen
[2012.07.01 23:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.07.01 23:46:21 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Roaming\SPORE Creature Creator
[2012.07.01 23:12:18 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Roaming\Origin
[2012.07.01 22:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.01 22:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.01 22:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.07.01 22:25:18 | 000,000,000 | ---D | C] -- C:\AMD
[2012.07.01 22:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2012.06.29 11:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2012.06.29 10:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\Neuer Ordner
[2012.06.25 07:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.24 21:03:05 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.06.23 16:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Local\Macromedia
[2012.06.21 09:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Roaming\WeatherLord
[2012.06.21 09:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WeatherLord
[2012.06.21 09:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.06.21 09:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OXXOGames
[2012.06.19 20:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.19 20:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2009.06.25 22:10:12 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Ruder\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.15 14:20:20 | 000,002,655 | ---- | M] () -- C:\Users\Ruder\Desktop\Microsoft Office Word 2007.lnk
[2012.07.15 14:19:35 | 000,000,000 | ---- | M] () -- C:\Users\Ruder\defogger_reenable
[2012.07.15 14:12:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.15 13:59:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.15 13:39:53 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 13:39:53 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 13:39:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 13:39:43 | 4225,683,455 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 12:21:58 | 003,181,681 | ---- | M] () -- C:\Users\Ruder\Desktop\DSC05798.JPG
[2012.07.15 12:21:41 | 001,445,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.15 12:21:41 | 000,628,724 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.15 12:21:41 | 000,596,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.15 12:21:41 | 000,126,468 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.15 12:21:41 | 000,104,092 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.15 11:20:22 | 000,030,208 | ---- | M] () -- C:\Users\Ruder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.14 14:33:36 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.07.14 10:52:39 | 000,336,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.13 21:35:45 | 001,593,360 | ---- | M] () -- C:\Users\Ruder\Desktop\UNDER MY SKIN.psd
[2012.07.13 09:32:04 | 020,445,274 | ---- | M] () -- C:\Users\Ruder\Desktop\Schwester.jpg
[2012.07.05 22:28:54 | 000,000,843 | ---- | M] () -- C:\Users\Ruder\Desktop\Stronghold.lnk
[2012.07.05 22:28:07 | 000,000,838 | ---- | M] () -- C:\Users\Ruder\Desktop\Origin.lnk
[2012.07.05 22:28:02 | 000,001,672 | ---- | M] () -- C:\Users\Ruder\Desktop\ICQ7M.lnk
[2012.07.03 09:59:21 | 000,104,367 | ---- | M] () -- C:\Users\Ruder\Desktop\DSC00494.jpg
[2012.07.03 09:57:51 | 000,083,562 | ---- | M] () -- C:\Users\Ruder\Desktop\DSC00476.jpg
[2012.07.02 11:27:10 | 634,480,175 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.29 12:12:36 | 000,003,768 | ---- | M] () -- C:\Users\Ruder\Desktop\GUTE LAUNE!!!!!.wpl
[2012.06.26 00:00:42 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.26 00:00:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.25 22:27:18 | 000,257,251 | ---- | M] () -- C:\Users\Ruder\Desktop\Selbsthypnose.pdf
[2012.06.24 21:03:05 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.06.18 10:45:58 | 000,211,480 | ---- | M] () -- C:\Users\Ruder\Desktop\1338483433-739.jpg
[2012.06.15 15:40:56 | 000,008,612 | ---- | M] () -- C:\Users\Ruder\Desktop\Schultüte Schmetterling.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.15 14:19:35 | 000,000,000 | ---- | C] () -- C:\Users\Ruder\defogger_reenable
[2012.07.15 13:39:42 | 4225,683,455 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.15 12:30:32 | 000,237,849 | ---- | C] () -- C:\Users\Ruder\Desktop\grub.exe
[2012.07.15 12:30:32 | 000,028,160 | ---- | C] () -- C:\Users\Ruder\Desktop\syslinux.exe
[2012.07.15 12:30:32 | 000,000,237 | ---- | C] () -- C:\Users\Ruder\Desktop\syslinux.cfg
[2012.07.15 12:22:17 | 003,181,681 | ---- | C] () -- C:\Users\Ruder\Desktop\DSC05798.JPG
[2012.07.15 12:22:16 | 001,349,261 | ---- | C] () -- C:\Users\Ruder\Desktop\100_1479.JPG
[2012.07.15 01:11:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 21:31:48 | 001,593,360 | ---- | C] () -- C:\Users\Ruder\Desktop\UNDER MY SKIN.psd
[2012.07.13 09:31:59 | 020,445,274 | ---- | C] () -- C:\Users\Ruder\Desktop\Schwester.jpg
[2012.07.05 22:36:00 | 000,002,655 | ---- | C] () -- C:\Users\Ruder\Desktop\Microsoft Office Word 2007.lnk
[2012.07.05 22:28:54 | 000,000,843 | ---- | C] () -- C:\Users\Ruder\Desktop\Stronghold.lnk
[2012.07.05 22:28:07 | 000,000,838 | ---- | C] () -- C:\Users\Ruder\Desktop\Origin.lnk
[2012.07.05 22:28:02 | 000,001,672 | ---- | C] () -- C:\Users\Ruder\Desktop\ICQ7M.lnk
[2012.07.03 09:59:20 | 000,104,367 | ---- | C] () -- C:\Users\Ruder\Desktop\DSC00494.jpg
[2012.07.03 09:57:49 | 000,083,562 | ---- | C] () -- C:\Users\Ruder\Desktop\DSC00476.jpg
[2012.07.02 11:27:10 | 634,480,175 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.06.29 12:12:36 | 000,003,768 | ---- | C] () -- C:\Users\Ruder\Desktop\GUTE LAUNE!!!!!.wpl
[2012.06.25 22:27:18 | 000,257,251 | ---- | C] () -- C:\Users\Ruder\Desktop\Selbsthypnose.pdf
[2012.06.18 10:45:58 | 000,211,480 | ---- | C] () -- C:\Users\Ruder\Desktop\1338483433-739.jpg
[2012.06.15 15:40:56 | 000,008,612 | ---- | C] () -- C:\Users\Ruder\Desktop\Schultüte Schmetterling.jpg
[2012.02.19 16:32:48 | 000,004,910 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2012.02.10 23:39:02 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012.01.10 16:59:48 | 000,010,240 | -H-- | C] () -- C:\Users\Ruder\photothumb.db
[2011.12.05 18:13:26 | 000,000,026 | ---- | C] () -- C:\Windows\DEAMM.INI
[2011.12.05 18:12:27 | 001,030,144 | ---- | C] () -- C:\Windows\SysWow64\FTFT011N.DLL
[2011.12.05 18:12:27 | 000,533,504 | ---- | C] () -- C:\Windows\SysWow64\FTEX007N.DLL
[2011.12.05 18:12:26 | 000,338,510 | ---- | C] () -- C:\Windows\SysWow64\SFI.DLL
[2011.12.05 18:12:26 | 000,078,599 | ---- | C] () -- C:\Windows\SysWow64\FINDAPP.DLL
[2011.12.05 18:12:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\QTINFO.DLL
[2011.12.05 18:12:26 | 000,050,676 | ---- | C] () -- C:\Windows\SysWow64\ZSCOMPR.DLL
[2011.12.05 18:12:26 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FTEI007N.DLL
[2011.12.05 18:12:26 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\FTET007N.DLL
[2011.12.05 18:12:26 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\FTEH006N.DLL
[2011.12.05 18:12:25 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\FindTask.dll
[2011.12.05 18:12:25 | 000,021,385 | ---- | C] () -- C:\Windows\SysWow64\VRTele.bin
[2011.12.05 14:14:56 | 000,000,680 | RHS- | C] () -- C:\Users\Ruder\ntuser.pol
[2011.11.30 15:57:04 | 000,038,210 | ---- | C] () -- C:\Users\Ruder\back.JPG
[2011.11.30 14:59:15 | 000,044,422 | ---- | C] () -- C:\Users\Ruder\LISA FACEBOOK.JPG
[2011.08.31 01:05:26 | 000,000,000 | ---- | C] () -- C:\Users\Ruder\netstat
[2011.04.17 20:38:37 | 000,000,732 | ---- | C] () -- C:\Windows\wiso.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.22 11:13:31 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.13 17:03:08 | 000,164,311 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.01.13 17:02:20 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.12.30 22:06:40 | 000,162,730 | ---- | C] () -- C:\Users\Ruder\nozzle2.RIF
[2010.12.30 22:01:29 | 000,162,730 | ---- | C] () -- C:\Users\Ruder\nozzle.RIF
[2010.11.30 02:00:51 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.11.30 02:00:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DD9DAA00D7.sys
[2010.11.29 02:30:57 | 000,001,506 | ---- | C] () -- C:\Users\Ruder\.recently-used.xbel
[2010.11.28 19:16:01 | 000,593,112 | ---- | C] () -- C:\Users\Ruder\.fonts.cache-1
[2010.08.22 22:40:29 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\ATWTINK.DLL
[2010.07.19 19:13:19 | 000,000,044 | ---- | C] () -- C:\ProgramData\.SimImages
[2010.07.14 23:51:25 | 000,000,000 | ---- | C] () -- C:\Users\Ruder\.gtk-bookmarks
[2010.05.12 18:14:03 | 000,000,461 | ---- | C] () -- C:\Users\Ruder\AppData\Roaming\Poladroid prefs.plist
[2010.04.27 11:02:11 | 008,461,564 | ---- | C] () -- C:\Users\Ruder\Isabell und Johanna spielen Wii.wmv
[2010.04.15 17:15:05 | 000,000,732 | ---- | C] () -- C:\Users\Ruder\AppData\Local\d3d9caps64.dat
[2010.02.05 13:27:02 | 000,584,258 | ---- | C] () -- C:\Users\Ruder\SS-bullet-holes.abr
[2010.01.18 22:20:24 | 000,000,680 | ---- | C] () -- C:\Users\Ruder\AppData\Local\d3d9caps.dat
[2009.12.03 22:01:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.09 18:40:20 | 007,860,430 | ---- | C] () -- C:\Users\Ruder\AdonihsBrushes.abr
[2009.06.23 22:08:00 | 000,030,208 | ---- | C] () -- C:\Users\Ruder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.23 11:54:05 | 000,024,147 | ---- | C] () -- C:\Users\Ruder\AppData\Roaming\UserTile.png
[2007.06.19 15:25:08 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2007.03.12 19:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe

========== LOP Check ==========

[2011.06.23 09:53:12 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1
[2011.02.15 21:00:02 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TuneUp Software
[2012.02.20 10:21:43 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2012.02.20 08:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1
[2011.12.22 14:12:01 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\TuneUp Software
[2012.01.22 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\Wacom
[2012.02.07 15:57:59 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.03.18 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Ascaron Entertainment
[2012.02.21 02:17:21 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Autodesk
[2011.04.17 20:39:41 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Buhl Data Service
[2011.08.23 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DassaultSystemes
[2011.05.14 18:45:16 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DocOnCD
[2010.10.29 10:16:03 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\GetRightToGo
[2010.03.30 22:10:30 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\ICQ
[2012.05.12 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\My Games
[2009.06.25 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\PeerNetworking
[2010.01.05 18:31:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\RTPlayer
[2010.08.10 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\temp
[2011.03.02 02:08:21 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\The Creative Assembly
[2010.05.15 13:26:39 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TomTom
[2010.12.10 20:10:53 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TuneUp Software
[2012.01.21 10:52:43 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Wacom
[2012.02.13 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.05.24 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Amazon
[2012.02.13 11:03:34 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Ambient Design
[2010.08.12 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Anthropics
[2010.11.28 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Artweaver
[2012.02.20 12:33:36 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Autodesk
[2012.02.10 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Babylon
[2012.06.24 19:51:27 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\BrowserCompanion
[2012.01.11 15:36:13 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\CasaPortale.de
[2010.08.11 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\com.gugga.inTouch.5F38BFD43016A92ECF6B8272C407E5E3E2F4A2AF.1
[2011.05.20 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\com.gugga.radiomini
[2011.11.06 18:46:51 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2011.05.20 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2010.11.29 21:09:52 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DAZ 3D
[2011.04.22 02:02:43 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DeskSoft
[2011.05.21 08:31:31 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DocOnCD
[2009.08.19 10:15:22 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Duden
[2012.05.29 16:50:15 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DVDVideoSoft
[2012.05.29 16:50:09 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.06.23 12:20:51 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Ergo
[2011.04.25 00:08:33 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Firefly Studios
[2010.11.29 02:32:25 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\gtk-2.0
[2012.07.15 11:43:56 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\ICQ
[2009.11.29 14:32:56 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\ICQLite
[2010.07.14 23:49:24 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Inkscape
[2011.01.26 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\IrfanView
[2011.06.17 14:13:19 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1
[2011.01.10 16:10:56 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Local
[2010.03.09 21:00:34 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Miranda
[2012.06.21 10:04:03 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\My Games
[2012.05.29 16:50:15 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\OpenCandy
[2012.07.01 23:13:45 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Origin
[2009.06.25 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\PeerNetworking
[2012.02.06 10:39:38 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\PhotoScape
[2009.11.23 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Planetside Software
[2009.06.24 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\RTPlayer
[2012.07.01 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\SPORE Creature Creator
[2010.01.28 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\TomTom
[2010.12.11 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\TuneUp Software
[2009.11.23 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\uk.co.planetside
[2010.01.17 00:11:08 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Uniblue
[2011.11.09 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Vision Objects
[2010.10.15 09:11:26 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Vivox
[2012.01.20 20:43:20 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Wacom
[2012.01.20 20:48:23 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.06.21 09:50:16 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\WeatherLord
[2012.02.19 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Windows Live Writer
[2009.11.06 15:39:14 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Winsplit Revolution
[2012.02.27 21:24:35 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\XnView
[2012.07.15 13:35:52 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report

markusg 15.07.2012 14:25
hi
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLpe Download OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Tivena 15.07.2012 18:39
Hallo,

Erstmal vielen Dank für die schnelle Antwort! Ich habe alles, wie beschrieben, gemacht am Schluss kam diesmal jedoch nur eine Datei heraus.
Was sind die nächsten Schritte?

Edit: Antivir hat gerade etwas gefunden: Dateiname "fest0r_ot.exe Meldung: TR/Drop.Injector.fjop


OTL Logfile:
Code:
OTL logfile created on: 7/15/2012 8:48:28 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.43 Gb Total Space | 523.10 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
Drive H: | 15.00 Gb Total Space | 7.72 Gb Free Space | 51.48% Space Free | Partition Type: NTFS
Drive I: | 1.93 Gb Total Space | 1.43 Gb Free Space | 73.89% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/12/08 14:28:04 | 000,036,160 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/09/08 12:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 12:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2011/03/22 05:13:34 | 000,203,776 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/06/26 03:11:14 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_f86438be\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 03:12:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/10 13:41:59 | 004,419,392 | ---- | M] () [Auto] -- C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/06/19 12:04:36 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/16 10:32:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/08 06:00:33 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 06:00:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/08 14:33:34 | 002,028,864 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 14:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/09/14 17:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010/03/29 02:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [On_Demand] -- C:\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/23 05:04:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/16 15:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/04/15 11:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/10 18:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/24 06:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 08:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/15 10:36:05 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/05/08 06:00:34 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 06:00:34 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/19 11:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/09/08 12:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/03/22 05:14:57 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV:64bit: - [2011/03/22 05:14:57 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/03/22 05:14:57 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/22 05:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/20 01:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/09/22 19:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/17 01:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\Windows\System32\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/06/25 10:08:38 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/06/25 10:08:38 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/03/12 09:39:10 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009/01/19 05:46:18 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/01/19 05:43:44 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2008/06/26 03:11:24 | 000,457,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/10/16 04:01:50 | 000,214,016 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TridVid.sys -- (TridVid)
DRV:64bit: - [2006/12/08 08:58:34 | 012,298,112 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2010/08/19 16:08:04 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/11/04 19:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 F1 EC FA 1C D3 CA 01  [binary data]
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Kinder_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Konstantin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\Konstantin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\Konstantin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Konstantin_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Konstantin_ON_C\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - Reg Error: Key error. File not found
IE - HKU\Konstantin_ON_C\..\URLSearchHook: {8040829d-1177-46e2-9157-8282438b79c7} - Reg Error: Key error. File not found
IE - HKU\Konstantin_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Konstantin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Ruder_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Ruder_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Ruder_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IENOSGTB
IE - HKU\Ruder_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Ruder_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Ruder_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Ruder_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Ruder_ON_C\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - Reg Error: Key error. File not found
IE - HKU\Ruder_ON_C\..\URLSearchHook: {8040829d-1177-46e2-9157-8282438b79c7} - Reg Error: Key error. File not found
IE - HKU\Ruder_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\Ruder_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\Ruder_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Ruder_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.wetter.de/wettervorhersage/49-8616-94/wetter-regen.html"
FF - prefs.js..extensions.enabledItems: clipple@mooz.github.com:0.0.7
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.5
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.3.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=119999&babsrc=adbartrp&mntrId=c092122a00000000000000242c75421a&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@fluxdvd.com/NPAPIX:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@MyWebFace_5a.com/Plugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@protectdisc.com/NPWMDRMWrapper:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BS Contact:  File not found
FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006:  File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3:  File not found
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\Mozilla [2010/02/27 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/10 10:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/10 10:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\5affxtbr@MyWebFace_5a.com: C:\Program Files (x86)\MyWebFace_5a\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 10:32:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/24 07:09:44 | 000,000,000 | ---D | M]
 
[2010/10/15 03:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Extensions
[2010/01/28 17:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/10/15 03:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/07/15 07:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions
[2012/07/15 07:17:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/05/29 10:50:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/21 13:46:51 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/02/14 15:06:00 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/05/29 10:50:18 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions\bbrs_002@blabbers.com
[2011/01/16 12:57:22 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/07/03 15:12:15 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions\firefox@ghostery.com
[2012/01/07 12:39:28 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\extensions\jid1-uabu5A9hduqzCw@jetpack
[2012/01/03 10:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\askcom.xml
[2010/12/08 10:47:52 | 000,000,927 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\conduit.xml
[2011/09/02 11:09:00 | 000,005,212 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\ecosia.xml
[2012/07/15 13:34:03 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-1.xml
[2011/02/18 12:45:02 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-10.xml
[2010/10/28 18:19:38 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-11.xml
[2010/12/10 13:46:05 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-12.xml
[2011/03/05 04:51:56 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-13.xml
[2011/03/23 18:02:59 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-14.xml
[2011/04/05 12:02:00 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-15.xml
[2010/03/25 04:20:52 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-2.xml
[2010/04/03 02:43:26 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-3.xml
[2010/04/04 12:24:37 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-4.xml
[2010/06/24 11:52:11 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-5.xml
[2010/07/21 16:28:22 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-6.xml
[2010/07/23 09:06:42 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-7.xml
[2010/07/25 14:42:59 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-8.xml
[2010/09/16 13:22:46 | 000,000,950 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin-9.xml
[2010/05/12 12:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\icqplugin.xml
[2011/02/18 12:43:54 | 000,003,915 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Mozilla\Firefox\Profiles\aro2sam5.default\searchplugins\sweetim.xml
[2012/04/26 03:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/24 15:22:40 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
() (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\{54BB9F3F-07E5-486C-9B39-C7398B99391C}.XPI
() (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\RUDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARO2SAM5.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/06/16 10:32:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/05 04:58:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/07 15:09:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/19 10:20:53 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/07 15:09:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/07 15:09:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/07 15:09:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/07 15:09:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/07 15:09:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Search Assistant BHO) - {14d02517-c8be-4735-a344-3c8366c77aa0} -  File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {b1df253a-9e7a-480d-b6a5-7a435b520dbb} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyWebFace) - {af94b35c-3ac5-4030-9f9c-15fb4e3dc339} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Gast_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Gast_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Konstantin_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Konstantin_ON_C\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\Konstantin_ON_C\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O3 - HKU\Ruder_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Ruder_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Ruder_ON_C\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\Ruder_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Ruder_ON_C\..\Toolbar\WebBrowser: (MyWebFace) - {AF94B35C-3AC5-4030-9F9C-15FB4E3DC339} -  File not found
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BambooScribeAutoStart.vbe] C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe ()
O4 - HKLM..\Run: [MyWebFace Search Scope Monitor]  File not found
O4 - HKLM..\Run: [MyWebFace_5a Browser Plugin Loader]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Gast_ON_C..\Run: [swg]  File not found
O4 - HKU\Konstantin_ON_C..\Run: [BambooScribe.exe] C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe ()
O4 - HKU\Konstantin_ON_C..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter]  File not found
O4 - HKU\Ruder_ON_C..\Run: [BambooScribe.exe] C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe ()
O4 - HKU\Ruder_ON_C..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Kinder_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Kinder_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Kinder_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Konstantin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Konstantin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Konstantin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Ruder_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Ruder_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Ruder_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Macromedia Shockwave Director Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://arcww.vo.llnwd.net/o37/seekr/MCD/Plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O20 - AppInit_DLLs: (ddefix.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27:64bit: - HKLM IFEO\dsc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\earthview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpqdirec.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpqssupply.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpqwrg.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hprbui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpzscr40.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mshaktuell.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\regipe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setdlc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tomtomhome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall tomtom home.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wiso2011.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wisohilfe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/20 06:32:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/06/23 15:52:32 | 000,000,045 | RH-- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{597b92d0-5c49-11de-86ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{597b92d0-5c49-11de-86ea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Konstantin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kurznotizen.lnk - C:\Windows\System32\StikyNot.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Ruder^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EarthView.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: BambooCore - hkey= - key= - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MsConfig:64bit - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: Google Quick Search Box - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Halo2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: M5T8QL3YW3 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MacrokeyManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: snp2std - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/15 10:36:05 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/07/15 10:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2012/07/15 10:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/07/15 06:51:34 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\sardu
[2012/07/15 06:33:14 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\Kaspersky
[2012/07/15 06:30:32 | 000,409,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ruder\Desktop\rescue2usb.exe
[2012/07/15 04:02:29 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Local\MigWiz
[2012/07/14 22:04:36 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\DCIM
[2012/07/13 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\Kindergeschichten
[2012/07/11 00:53:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/07/11 00:53:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 00:53:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 00:53:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 00:53:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 00:53:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 00:53:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 00:53:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 00:53:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 00:53:49 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 00:53:49 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/07/11 00:53:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 00:53:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/07/11 00:53:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 00:40:39 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 00:40:39 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncrypt.dll
[2012/07/05 06:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireFly Studios
[2012/07/02 05:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Documents\MeinSPORE-Kreationen
[2012/07/01 17:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/07/01 17:46:21 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Roaming\SPORE Creature Creator
[2012/07/01 17:12:18 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Roaming\Origin
[2012/07/01 16:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/01 16:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/01 16:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/01 16:25:18 | 000,000,000 | ---D | C] -- C:\AMD
[2012/07/01 16:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2012/06/29 05:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2012/06/29 04:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ruder\Desktop\Neuer Ordner
[2012/06/25 01:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/06/24 15:03:05 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/06/24 03:58:28 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/24 03:58:28 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2012/06/24 03:58:28 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/24 03:58:16 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/24 03:58:16 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/24 03:58:16 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/24 03:58:16 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/24 03:58:16 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/24 03:58:16 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/24 03:58:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/24 03:58:02 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/24 03:58:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/24 03:58:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/23 10:45:43 | 000,000,000 | ---D | C] -- C:\Users\Konstantin\AppData\Local\Macromedia
[2012/06/23 10:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Local\Macromedia
[2012/06/21 03:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ruder\AppData\Roaming\WeatherLord
[2012/06/21 03:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WeatherLord
[2012/06/21 03:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012/06/21 03:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OXXOGames
[2012/06/19 14:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012/06/19 14:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2009/12/13 13:03:51 | 008,653,312 | ---- | C] (Dell, Inc.                                                  ) -- C:\Users\Konstantin\AppData\Roaming\DataSafeDotNet.exe
[2009/06/25 16:10:12 | 008,653,312 | ---- | C] (Dell, Inc.                                                  ) -- C:\Users\Ruder\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Konstantin\Desktop\*.tmp files -> C:\Users\Konstantin\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/15 13:39:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 13:38:42 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:38:42 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:38:34 | 4225,683,455 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 10:35:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/07/15 10:12:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/15 09:29:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireFly Studios
[2012/07/15 08:20:20 | 000,002,655 | ---- | M] () -- C:\Users\Ruder\Desktop\Microsoft Office Word 2007.lnk
[2012/07/15 07:59:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 06:21:58 | 003,181,681 | ---- | M] () -- C:\Users\Ruder\Desktop\DSC05798.JPG
[2012/07/15 06:21:41 | 000,628,724 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/07/15 06:21:41 | 000,596,018 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/15 06:21:41 | 000,126,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/07/15 06:21:41 | 000,104,092 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/15 05:20:22 | 000,030,208 | ---- | M] () -- C:\Users\Ruder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/14 19:11:03 | 000,001,730 | ---- | M] () -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/14 08:33:36 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/07/14 04:52:39 | 000,336,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/13 15:35:45 | 001,593,360 | ---- | M] () -- C:\Users\Ruder\Desktop\UNDER MY SKIN.psd
[2012/07/13 03:32:04 | 020,445,274 | ---- | M] () -- C:\Users\Ruder\Desktop\Schwester.jpg
[2012/07/12 03:12:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 03:12:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/05 16:28:54 | 000,000,843 | ---- | M] () -- C:\Users\Ruder\Desktop\Stronghold.lnk
[2012/07/05 16:28:07 | 000,000,838 | ---- | M] () -- C:\Users\Ruder\Desktop\Origin.lnk
[2012/07/05 16:28:02 | 000,001,672 | ---- | M] () -- C:\Users\Ruder\Desktop\ICQ7M.lnk
[2012/07/05 14:43:42 | 000,028,386 | ---- | M] () -- C:\Users\Konstantin\Desktop\M107118868.pdf
[2012/07/05 06:15:58 | 000,126,924 | ---- | M] () -- C:\Users\Konstantin\Desktop\Antrag.pdf
[2012/07/05 06:13:44 | 000,232,065 | ---- | M] () -- C:\Users\Konstantin\Desktop\Download.pdf
[2012/07/03 03:59:21 | 000,104,367 | ---- | M] () -- C:\Users\Ruder\Desktop\DSC00494.jpg
[2012/07/03 03:57:51 | 000,083,562 | ---- | M] () -- C:\Users\Ruder\Desktop\DSC00476.jpg
[2012/07/02 05:27:10 | 634,480,175 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/01 16:29:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/01 16:10:25 | 000,000,908 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverTuner.lnk
[2012/06/29 06:12:36 | 000,003,768 | ---- | M] () -- C:\Users\Ruder\Desktop\GUTE LAUNE!!!!!.wpl
[2012/06/25 18:00:42 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 18:00:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 16:27:18 | 000,257,251 | ---- | M] () -- C:\Users\Ruder\Desktop\Selbsthypnose.pdf
[2012/06/25 01:29:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/06/24 15:04:43 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/24 15:03:05 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/06/21 07:34:05 | 000,000,961 | ---- | M] () -- C:\Users\Ruder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/06/19 14:01:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012/06/18 04:45:58 | 000,211,480 | ---- | M] () -- C:\Users\Ruder\Desktop\1338483433-739.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Konstantin\Desktop\*.tmp files -> C:\Users\Konstantin\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/15 07:39:42 | 4225,683,455 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/15 06:30:32 | 000,237,849 | ---- | C] () -- C:\Users\Ruder\Desktop\grub.exe
[2012/07/15 06:30:32 | 000,028,160 | ---- | C] () -- C:\Users\Ruder\Desktop\syslinux.exe
[2012/07/15 06:30:32 | 000,000,237 | ---- | C] () -- C:\Users\Ruder\Desktop\syslinux.cfg
[2012/07/15 06:22:17 | 003,181,681 | ---- | C] () -- C:\Users\Ruder\Desktop\DSC05798.JPG
[2012/07/15 06:22:16 | 001,349,261 | ---- | C] () -- C:\Users\Ruder\Desktop\100_1479.JPG
[2012/07/14 19:11:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/14 19:11:03 | 000,001,730 | ---- | C] () -- C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/13 15:31:48 | 001,593,360 | ---- | C] () -- C:\Users\Ruder\Desktop\UNDER MY SKIN.psd
[2012/07/13 03:31:59 | 020,445,274 | ---- | C] () -- C:\Users\Ruder\Desktop\Schwester.jpg
[2012/07/05 16:36:00 | 000,002,655 | ---- | C] () -- C:\Users\Ruder\Desktop\Microsoft Office Word 2007.lnk
[2012/07/05 16:28:54 | 000,000,843 | ---- | C] () -- C:\Users\Ruder\Desktop\Stronghold.lnk
[2012/07/05 16:28:07 | 000,000,838 | ---- | C] () -- C:\Users\Ruder\Desktop\Origin.lnk
[2012/07/05 16:28:02 | 000,001,672 | ---- | C] () -- C:\Users\Ruder\Desktop\ICQ7M.lnk
[2012/07/05 14:43:41 | 000,028,386 | ---- | C] () -- C:\Users\Konstantin\Desktop\M107118868.pdf
[2012/07/05 06:15:58 | 000,126,924 | ---- | C] () -- C:\Users\Konstantin\Desktop\Antrag.pdf
[2012/07/05 06:13:44 | 000,232,065 | ---- | C] () -- C:\Users\Konstantin\Desktop\Download.pdf
[2012/07/03 03:59:20 | 000,104,367 | ---- | C] () -- C:\Users\Ruder\Desktop\DSC00494.jpg
[2012/07/03 03:57:49 | 000,083,562 | ---- | C] () -- C:\Users\Ruder\Desktop\DSC00476.jpg
[2012/07/02 05:27:10 | 634,480,175 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/01 16:10:25 | 000,000,908 | ---- | C] () -- C:\Users\Ruder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverTuner.lnk
[2012/06/29 06:12:36 | 000,003,768 | ---- | C] () -- C:\Users\Ruder\Desktop\GUTE LAUNE!!!!!.wpl
[2012/06/25 16:27:18 | 000,257,251 | ---- | C] () -- C:\Users\Ruder\Desktop\Selbsthypnose.pdf
[2012/06/21 07:34:05 | 000,000,961 | ---- | C] () -- C:\Users\Ruder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/06/18 04:45:58 | 000,211,480 | ---- | C] () -- C:\Users\Ruder\Desktop\1338483433-739.jpg
[2012/02/19 10:32:48 | 000,004,910 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2012/02/10 17:39:02 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/12/05 12:13:26 | 000,000,026 | ---- | C] () -- C:\Windows\DEAMM.INI
[2011/12/05 12:12:27 | 001,030,144 | ---- | C] () -- C:\Windows\SysWow64\FTFT011N.DLL
[2011/12/05 12:12:27 | 000,533,504 | ---- | C] () -- C:\Windows\SysWow64\FTEX007N.DLL
[2011/12/05 12:12:26 | 000,338,510 | ---- | C] () -- C:\Windows\SysWow64\SFI.DLL
[2011/12/05 12:12:26 | 000,078,599 | ---- | C] () -- C:\Windows\SysWow64\FINDAPP.DLL
[2011/12/05 12:12:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\QTINFO.DLL
[2011/12/05 12:12:26 | 000,050,676 | ---- | C] () -- C:\Windows\SysWow64\ZSCOMPR.DLL
[2011/12/05 12:12:26 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FTEI007N.DLL
[2011/12/05 12:12:26 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\FTET007N.DLL
[2011/12/05 12:12:26 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\FTEH006N.DLL
[2011/12/05 12:12:25 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\FindTask.dll
[2011/12/05 12:12:25 | 000,021,385 | ---- | C] () -- C:\Windows\SysWow64\VRTele.bin
[2011/04/17 14:38:37 | 000,000,732 | ---- | C] () -- C:\Windows\wiso.ini
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/22 05:13:31 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/13 11:03:08 | 000,164,311 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/01/13 11:02:20 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/29 20:00:51 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/29 20:00:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DD9DAA00D7.sys
[2010/08/22 16:40:29 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\ATWTINK.DLL
[2010/07/19 13:13:19 | 000,000,044 | ---- | C] () -- C:\ProgramData\.SimImages
[2010/06/18 16:39:43 | 000,060,416 | ---- | C] () -- C:\Windows\SysWow64\OPCENUM.EXE
[2010/05/12 12:14:03 | 000,000,461 | ---- | C] () -- C:\Users\Ruder\AppData\Roaming\Poladroid prefs.plist
[2010/04/15 11:15:05 | 000,000,732 | ---- | C] () -- C:\Users\Ruder\AppData\Local\d3d9caps64.dat
[2010/04/02 13:44:08 | 000,000,680 | ---- | C] () -- C:\Users\Konstantin\AppData\Local\d3d9caps.dat
[2010/03/07 08:54:49 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/01/18 16:20:24 | 000,000,680 | ---- | C] () -- C:\Users\Ruder\AppData\Local\d3d9caps.dat
[2009/12/03 16:01:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 15:45:14 | 000,000,045 | ---- | C] () -- C:\Windows\Twacker.ini
[2009/12/03 15:45:13 | 000,000,036 | ---- | C] () -- C:\Windows\lifeview.ini
[2009/09/12 07:43:10 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/09/12 07:43:10 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/09/12 07:43:10 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/09/12 07:43:10 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/09/12 07:43:10 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/09/12 07:43:10 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/07/20 06:28:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/20 06:28:21 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/20 06:28:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/25 09:45:18 | 000,012,288 | ---- | C] () -- C:\Users\Konstantin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 09:33:08 | 000,028,980 | ---- | C] () -- C:\Users\Konstantin\AppData\Roaming\UserTile.png
[2009/06/23 16:08:00 | 000,030,208 | ---- | C] () -- C:\Users\Ruder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/23 05:54:05 | 000,024,147 | ---- | C] () -- C:\Users\Ruder\AppData\Roaming\UserTile.png
[2009/06/23 05:02:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/06/19 00:38:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/19 00:20:34 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009/06/18 15:25:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/10/07 04:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 04:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/19 09:25:08 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2007/06/05 08:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2007/03/12 13:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/10/15 08:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\myodbc3i.exe
[2005/10/15 08:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\myodbc3m.exe
 
========== LOP Check ==========
 
[2011/06/23 03:53:12 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1
[2011/02/15 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TuneUp Software
[2012/02/20 04:21:43 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2012/02/20 02:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1
[2011/12/22 08:12:01 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\TuneUp Software
[2012/01/22 09:45:48 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\Wacom
[2012/02/07 09:57:59 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010/03/18 14:52:54 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Ascaron Entertainment
[2012/02/20 20:17:21 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Autodesk
[2011/04/17 14:39:41 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Buhl Data Service
[2011/08/23 11:51:25 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DassaultSystemes
[2011/05/14 12:45:16 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\DocOnCD
[2010/10/29 04:16:03 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\GetRightToGo
[2010/03/30 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\ICQ
[2012/05/12 16:02:20 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\My Games
[2009/06/25 09:39:38 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\PeerNetworking
[2010/01/05 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\RTPlayer
[2010/08/10 12:21:44 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\temp
[2011/03/01 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\The Creative Assembly
[2010/05/15 07:26:39 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TomTom
[2010/12/10 14:10:53 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\TuneUp Software
[2012/01/21 04:52:43 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\Wacom
[2012/02/13 13:44:59 | 000,000,000 | ---D | M] -- C:\Users\Konstantin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010/05/24 13:55:52 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Amazon
[2012/02/13 05:03:34 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Ambient Design
[2010/08/12 09:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Anthropics
[2010/11/28 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Artweaver
[2012/02/20 06:33:36 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Autodesk
[2012/02/10 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Babylon
[2012/06/24 13:51:27 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\BrowserCompanion
[2012/01/11 09:36:13 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\CasaPortale.de
[2010/08/11 16:41:45 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\com.gugga.inTouch.5F38BFD43016A92ECF6B8272C407E5E3E2F4A2AF.1
[2011/05/20 11:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\com.gugga.radiomini
[2011/11/06 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2011/05/20 11:33:08 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2010/11/29 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DAZ 3D
[2011/04/21 20:02:43 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DeskSoft
[2011/05/21 02:31:31 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DocOnCD
[2009/08/19 04:15:22 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Duden
[2012/05/29 10:50:15 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DVDVideoSoft
[2012/05/29 10:50:09 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/06/23 06:20:51 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Ergo
[2011/04/24 18:08:33 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Firefly Studios
[2010/11/28 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\gtk-2.0
[2012/07/15 05:43:56 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\ICQ
[2009/11/29 08:32:56 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\ICQLite
[2010/07/14 17:49:24 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Inkscape
[2011/01/26 07:37:40 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\IrfanView
[2011/06/17 08:13:19 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1
[2011/01/10 10:10:56 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Local
[2010/03/09 15:00:34 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Miranda
[2012/06/21 04:04:03 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\My Games
[2012/05/29 10:50:15 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\OpenCandy
[2012/07/01 17:13:45 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Origin
[2009/06/25 09:32:04 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\PeerNetworking
[2012/02/06 04:39:38 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\PhotoScape
[2009/11/23 13:14:16 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Planetside Software
[2009/06/24 12:44:46 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\RTPlayer
[2012/07/01 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\SPORE Creature Creator
[2010/01/28 17:24:11 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\TomTom
[2010/12/11 13:13:41 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\TuneUp Software
[2009/11/23 13:14:16 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\uk.co.planetside
[2010/01/16 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Uniblue
[2011/11/09 05:47:45 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Vision Objects
[2010/10/15 03:11:26 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Vivox
[2012/01/20 14:43:20 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Wacom
[2012/01/20 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012/06/21 03:50:16 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\WeatherLord
[2012/02/19 10:28:04 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Windows Live Writer
[2009/11/06 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\Winsplit Revolution
[2012/02/27 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\Ruder\AppData\Roaming\XnView
[2012/02/20 06:33:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Alias
[2009/06/23 04:46:58 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/06/23 05:36:53 | 000,000,000 | ---D | M] -- C:\ProgramData\AppData
[2010/11/28 12:45:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Artweaver
[2012/04/05 04:59:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2011/11/05 04:18:04 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2012/02/10 17:38:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/05/07 10:11:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2011/09/04 10:17:46 | 000,000,000 | ---D | M] -- C:\ProgramData\DassaultSystemes
[2009/06/23 04:46:58 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/06/23 04:46:58 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/08/05 10:25:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Duden
[2012/07/01 17:47:16 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/06/07 09:53:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/06/23 04:46:58 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2011/04/24 18:06:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2010/02/14 15:15:13 | 000,000,000 | ---D | M] -- C:\ProgramData\fluxDVD
[2011/02/11 14:42:29 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2012/06/21 03:50:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2009/12/01 16:31:21 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2010/02/27 18:10:39 | 000,000,000 | ---D | M] -- C:\ProgramData\mpDRM
[2009/11/27 15:44:56 | 000,000,000 | ---D | M] -- C:\ProgramData\OptiTex
[2012/07/01 17:46:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2009/09/12 08:01:59 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/06/18 15:18:31 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/06/18 15:18:31 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2009/06/23 16:24:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2009/06/23 14:06:46 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2012/02/13 16:34:09 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/04/05 03:50:40 | 000,000,000 | ---D | M] -- C:\ProgramData\SecTaskMan
[2011/02/09 13:23:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Siemens
[2010/12/11 09:40:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2009/06/23 04:46:58 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/06/18 15:18:33 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2012/01/02 07:33:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Tablet
[2010/01/28 17:24:47 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2010/12/10 14:12:58 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2009/06/23 04:46:58 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/01/20 14:48:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Wacom
[2012/06/21 03:50:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WeatherLord
[2010/11/22 10:38:10 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/07/15 13:39:17 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/05 08:31:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/12/26 13:11:22 | 000,000,000 | ---D | M] -- C:\ai
[2010/01/08 09:27:57 | 000,000,000 | ---D | M] -- C:\ALUpdate
[2012/07/15 08:36:10 | 000,000,000 | ---D | M] -- C:\ALZip
[2012/07/01 16:25:18 | 000,000,000 | ---D | M] -- C:\AMD
[2012/03/07 11:51:50 | 000,000,000 | ---D | M] -- C:\art
[2012/02/20 06:32:32 | 000,000,000 | ---D | M] -- C:\Autodesk
[2009/07/20 06:57:33 | 000,000,000 | -HSD | M] -- C:\Boot
[2010/12/05 14:56:39 | 000,000,000 | ---D | M] -- C:\CCleaner
[2012/07/12 17:57:05 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2012/03/07 11:53:03 | 000,000,000 | ---D | M] -- C:\DATA
[2011/12/26 13:21:35 | 000,000,000 | ---D | M] -- C:\Debug
[2009/06/23 05:25:30 | 000,000,000 | ---D | M] -- C:\DELL
[2009/06/23 04:46:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010/08/22 17:01:23 | 000,000,000 | ---D | M] -- C:\download
[2008/06/30 01:50:22 | 000,000,000 | ---D | M] -- C:\Drivers
[2011/04/17 04:43:09 | 000,000,000 | ---D | M] -- C:\Europa Universalis III
[2012/07/12 08:38:49 | 000,000,000 | ---D | M] -- C:\fonts
[2011/01/16 10:26:16 | 000,000,000 | -HSD | M] -- C:\found.000
[2010/08/03 16:19:38 | 000,000,000 | ---D | M] -- C:\geschützte Bilder
[2009/06/18 15:12:06 | 000,000,000 | ---D | M] -- C:\Intel
[2011/04/17 04:46:45 | 000,000,000 | ---D | M] -- C:\Medieval II Total War
[2011/08/21 08:56:24 | 000,000,000 | ---D | M] -- C:\Missler
[2009/06/18 15:13:56 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010/08/17 14:17:22 | 000,000,000 | ---D | M] -- C:\MyAlbum
[2011/01/07 15:37:18 | 000,000,000 | ---D | M] -- C:\OpenTTD
[2008/01/20 23:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/01/02 16:48:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/15 10:35:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/07/14 19:11:03 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/06/23 04:46:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2011/08/21 08:42:35 | 000,000,000 | ---D | M] -- C:\Projekte
[2009/07/23 13:02:54 | 000,000,000 | ---D | M] -- C:\Python25
[2011/12/26 13:21:51 | 000,000,000 | ---D | M] -- C:\render
[2012/03/07 11:53:04 | 000,000,000 | ---D | M] -- C:\rm
[2011/12/26 13:22:00 | 000,000,000 | ---D | M] -- C:\rmdll
[2011/01/27 15:35:19 | 000,000,000 | ---D | M] -- C:\RooArr Export
[2012/03/07 11:53:11 | 000,000,000 | ---D | M] -- C:\Scenario
[2010/06/18 16:40:24 | 000,000,000 | ---D | M] -- C:\Siemens
[2011/02/09 14:31:56 | 000,000,000 | ---D | M] -- C:\Si_Train
[2010/01/30 17:06:58 | 000,000,000 | ---D | M] -- C:\Slitherine
[2012/03/07 12:04:36 | 000,000,000 | ---D | M] -- C:\sound
[2011/12/26 13:43:45 | 000,000,000 | ---D | M] -- C:\startup
[2012/07/14 22:49:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/02/09 13:47:07 | 000,000,000 | ---D | M] -- C:\Temp
[2010/08/03 08:31:37 | 000,000,000 | ---D | M] -- C:\Testbilder
[2010/06/18 16:40:41 | 000,000,000 | ---D | M] -- C:\tmp
[2010/05/15 07:26:30 | 000,000,000 | ---D | M] -- C:\TomTom HOME 2
[2011/12/26 13:43:45 | 000,000,000 | ---D | M] -- C:\trigger
[2011/12/12 09:37:31 | 000,000,000 | ---D | M] -- C:\USB WEBCAM
[2011/12/26 13:43:45 | 000,000,000 | R--D | M] -- C:\Users
[2011/05/06 17:43:48 | 000,000,000 | ---D | M] -- C:\Walter
[2012/07/02 05:38:12 | 000,000,000 | ---D | M] -- C:\Windows
[2009/09/12 07:44:18 | 000,000,000 | -HSD | M] -- C:\WinDVRHistory
[2010/06/23 06:14:26 | 000,000,000 | ---D | M] -- C:\WTablet
[2011/12/05 12:14:30 | 000,000,000 | ---D | M] -- C:\~QTWTMP.TMP
 
< %PROGRAMFILES%\*.exe >
[2007/03/12 13:59:00 | 000,299,008 | ---- | M] () -- C:\Program Files\navigram_register.exe
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2006/11/02 08:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_c41411ff\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_986ce78a\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_eee87d92\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/06/19 00:21:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2006/11/02 08:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/06/19 00:21:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\System32\drivers\atapi.sys
[2009/06/19 00:21:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_2e70e17b\atapi.sys
[2009/06/19 00:21:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\System32\cngaudit.dll
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/06/19 00:36:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/06/19 00:36:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/06/19 00:36:24 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/06/19 00:36:23 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/06/19 00:36:24 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/06/19 00:36:23 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/06/19 00:36:23 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/06/19 00:36:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008/06/30 01:50:26 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Drivers\storage\R190313\IaStor.sys
[2008/04/15 11:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/06/30 01:50:26 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Windows\System32\drivers\iaStor.sys
[2008/06/30 01:50:26 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_9b21cd90\iaStor.sys
[2008/06/30 01:50:26 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_28914975\iaStor.sys
[2008/04/15 11:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_fbe95c71\iaStorV.sys
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006/11/02 07:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_69d79584\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\System32\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 08:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_a5403adf\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_63cdbcfd\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\System32\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/01/20 22:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008/01/20 22:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009/04/11 03:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\System32\user32.dll
[2009/04/11 03:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\System32\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\System32\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/01/20 22:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/20 22:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/21 00:14:16 | 026,247,168 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 00:13:53 | 000,110,592 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 00:14:16 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 08:50:51 | 019,435,520 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 08:50:51 | 001,806,336 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >
--- --- ---

Ok, Antivir hat den Trojaner plötzlich gefunden, alles läuft wie bisher, vielen Dank für die Hilfe. :applaus:

P.S. Kann ein Admin evtl. die OTLs meiner Beiträge löschen?

markusg 17.07.2012 22:45
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O4 - Startup: C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

Tivena 18.07.2012 09:20
Ok, Antivir hat den Trojaner plötzlich gefunden, alles läuft wie bisher, vielen Dank für die Hilfe.

P.S. Kann ein Admin evtl. die OTLs meiner Beiträge löschen?

markusg 19.07.2012 19:12
hi
höchstens persönliche daten wie namen
logs löschen wir nicht, und nur weil avira etwas gefunden hatt, heißt es nicht, dass der pc sauber ist. was wurde wo gefunden?

Tivena 19.07.2012 19:45
Stand oben im Edit: Antivir hat gerade etwas gefunden: Dateiname "fest0r_ot.exe Meldung: TR/Drop.Injector.fjop

Ja, ich weiß :( Anscheinend komme ich sowieso nicht drumherum, Windows neu aufzuspielen. Wenigstens ist mal für den Moment Ruhe, um die Daten zu retten.

Ja, wenn wenigstens die persönlichen Daten entfernt würden, wäre das super.

Also, trotzdem vielen Dank für alles :dankeschoen:

markusg 19.07.2012 23:19
benötigst du hilfe beim neu aufsetzen pc absichern und daten retten?

Tivena 20.07.2012 10:59
Danke, dass du fragst.
Nunja, ich werde mir gleich Windows 7 holen und habe gelesen, dass man die Festplatten "entpartitioniren" und dann wieder partitionieren soll. Wie das geht, weiß ich noch nicht.
Ansonsten hätte ich alle Daten auf die externe Festplatte gespeichert, alle anderen Speichermedien formatiert und Win7 einfach neu installiert :confused:
Nur, was wenn der Trojaner auf der ext. Festplatte ist und wieder mit aufs neue System geschleust wird? :confused:
Da bin ich mir noch nicht ganz im Klaren drüber, wie das funktionieren soll...

markusg 25.07.2012 20:47
hi
das neue system wird erst abgesichert
während der windows instalation über erweiterte optionen kannst du die partitionen löschen


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131