Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   w*w.searchqu.com/403 ungewollte "Startseite" in Firefox (https://www.trojaner-board.de/94758-w-w-searchqu-com-403-ungewollte-startseite-firefox.html)

RayParker 15.01.2011 17:58
w*w.searchqu.com/403 ungewollte "Startseite" in Firefox
 
Hallo, beim Öffnen von Firefox erscheint als "Startseite" (statt google.de) "searchqu.com/403". habe in Foren nichts Brauchbares gefunden, die hier zu findenden Anweisungen habe ich duchgespielt. :crazy: Highjackthis, OTL etc. haben nichts gefunden. Wer weiß Rat? Vielen Dank!

markusg 15.01.2011 18:11
wo sind die logs? bitte poste die.

RayParker 15.01.2011 18:30
OTL Logfile:
Code:
OTL logfile created on: 15.01.2011 18:20:40 - Run 2
OTL by OldTimer - Version 3.2.20.2    Folder = C:\Users\XXX\Desktop\MFTools
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,06 Gb Total Space | 245,11 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive D: | 15,67 Gb Total Space | 2,68 Gb Free Space | 17,09% Space Free | Partition Type: FAT32
Drive J: | 298,09 Gb Total Space | 10,39 Gb Free Space | 3,49% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXX\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Fun4IM Coordinator) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (athsgt) -- C:\Windows\System32\drivers\athsgt.sys ()
DRV - (limsgt) -- C:\Windows\System32\drivers\limsgt.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SASKUTIL) -- C:\Users\XXX\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Users\XXX\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (CyberLink Corp.)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme\HomeCinema\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Medion | MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/403"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.02 23:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.11.27 10:48:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 13:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 13:02:31 | 000,000,000 | ---D | M]
 
[2011.01.13 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2011.01.15 17:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\at5r9ho1.default\extensions
[2010.09.09 19:48:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\at5r9ho1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.15 14:19:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\at5r9ho1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.10 17:28:49 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\at5r9ho1.default\extensions\finder@meingutscheincode.de
[2010.10.28 09:41:06 | 000,005,529 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchplugins\SearchquWebSearch.xml
[2011.01.13 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.02 23:56:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.28 09:41:06 | 000,005,529 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.15 15:01:44 | 000,428,664 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14761 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Programme\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Programme\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [LaunchList] C:\Programme\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} -  File not found
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} -  File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wia6eb~1\datamngr\datamngr.dll) - c:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\fun4im\bndhook.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\LIVESSP.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.16 19:10:50 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.15 17:18:03 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\HP
[2011.01.15 17:17:10 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Magix
[2011.01.15 17:16:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\DVDProgs
[2011.01.15 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Spiele
[2011.01.15 16:22:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.15 16:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.15 16:20:19 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.15 16:07:32 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\MFTools
[2011.01.14 04:09:18 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Bandoo
[2011.01.13 18:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011.01.13 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM
[2011.01.13 18:48:42 | 000,000,000 | ---D | C] -- C:\Programme\Windows Searchqu Toolbar
[2011.01.13 18:48:40 | 000,000,000 | ---D | C] -- C:\Programme\Fun4IM
[2011.01.12 05:23:35 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 05:23:33 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.12 05:23:33 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.12 05:23:33 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.12 05:23:33 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.12 05:23:32 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.12 05:23:32 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.12 05:23:32 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.12 05:23:32 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.12 05:23:32 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.12 05:23:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.12 05:23:31 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.12 05:23:31 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.12 05:23:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.12 05:23:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.12 05:23:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.09 20:34:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Concord PDF
[2011.01.06 03:01:24 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.01.02 14:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce
[2011.01.02 14:53:39 | 000,000,000 | ---D | C] -- C:\Programme\WinAce
[2011.01.01 20:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010.12.26 15:33:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\20101226
[2010.12.25 11:40:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\20101225
[2010.12.23 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\20101223
[2010.12.22 16:15:29 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Panasonic
[2010.12.22 16:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2010.12.22 16:12:53 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2010.12.22 16:12:53 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2010.12.22 16:12:53 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2010.12.22 16:12:53 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2010.12.22 16:12:53 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll
[2010.12.22 16:09:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Panasonic
[2010.12.22 16:09:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.12.22 16:02:34 | 000,000,000 | ---D | C] -- C:\Programme\Panasonic
[2010.12.22 16:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2010.12.17 21:30:38 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft Games
[3 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.15 17:52:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.15 17:34:28 | 000,008,367 | ---- | M] () -- C:\Users\XXX\Desktop\Unbenannt 1.odt
[2011.01.15 17:34:28 | 000,000,098 | -H-- | M] () -- C:\Users\XXX\Desktop\.~lock.Unbenannt 1.odt#
[2011.01.15 17:33:43 | 000,000,098 | -H-- | M] () -- C:\Users\XXX\Desktop\.~lock.RBCQuiz.doc#
[2011.01.15 17:14:11 | 000,001,221 | ---- | M] () -- C:\Users\XXX\Desktop\Eigene Dokumente - Verknüpfung.lnk
[2011.01.15 17:12:52 | 000,026,727 | ---- | M] () -- C:\Users\XXX\Desktop\Desktop.zip
[2011.01.15 16:42:42 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.15 16:42:42 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.15 16:39:44 | 000,710,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.15 16:39:44 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.15 16:39:44 | 000,153,326 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.15 16:39:44 | 000,123,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.15 16:35:33 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.15 16:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.15 16:35:14 | 2414,485,504 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.15 16:31:05 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable
[2011.01.15 16:23:30 | 000,143,440 | ---- | M] () -- C:\Users\XXX\Desktop\RegSichERDNT.png
[2011.01.15 16:20:24 | 000,001,078 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.01.15 16:20:20 | 000,000,898 | ---- | M] () -- C:\Users\XXX\Desktop\NTREGOPT.lnk
[2011.01.15 16:20:20 | 000,000,879 | ---- | M] () -- C:\Users\XXX\Desktop\ERUNT.lnk
[2011.01.15 16:07:38 | 000,296,448 | ---- | M] () -- C:\Users\XXX\Desktop\g2m3e4r.exe
[2011.01.15 16:07:36 | 000,050,477 | ---- | M] () -- C:\Users\XXX\Desktop\defogger.exe
[2011.01.15 15:01:44 | 000,428,664 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.01.15 02:50:17 | 000,058,368 | ---- | M] () -- C:\Users\XXX\Desktop\RBCQuiz.doc
[2011.01.14 21:30:07 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.01.13 01:04:54 | 000,011,448 | ---- | M] () -- C:\Users\XXX\Documents\Tel.-Liste.odt
[2011.01.10 18:36:03 | 000,007,602 | ---- | M] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2011.01.08 14:11:19 | 000,016,432 | ---- | M] () -- C:\Users\XXX\Documents\Columbo-Brief.odt
[2011.01.07 21:00:35 | 000,022,260 | ---- | M] () -- C:\Users\XXX\Documents\ChatVorAbflugKaribik2011.odt
[2011.01.07 20:21:55 | 000,001,807 | ---- | M] () -- C:\Users\XXX\Documents\190865228 Erzsi - Verknüpfung.lnk
[2011.01.07 19:16:17 | 000,138,824 | ---- | M] () -- C:\Users\XXX\Documents\helicopter gone wild iraq.htm
[2011.01.06 10:18:40 | 000,001,204 | ---- | M] () -- C:\Users\XXX\Eigene Bilder - Verknüpfung.lnk
[2011.01.05 20:50:00 | 000,019,850 | ---- | M] () -- C:\Users\XXX\Documents\Chat.odt
[2011.01.01 22:25:39 | 000,428,400 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110115-150144.backup
[2011.01.01 20:53:32 | 000,001,220 | ---- | M] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk
[2010.12.23 22:00:17 | 000,001,037 | ---- | M] () -- C:\Users\XXX\Documents\20101223 - Verknüpfung.lnk
[2010.12.23 11:16:31 | 000,507,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.22 17:41:24 | 000,001,179 | ---- | M] () -- C:\Users\XXX\Documents\FS30_FS11_FS10_FS9 Bedienungsanleitung.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.15 17:34:01 | 000,000,098 | -H-- | C] () -- C:\Users\XXX\Desktop\.~lock.Unbenannt 1.odt#
[2011.01.15 17:34:00 | 000,008,367 | ---- | C] () -- C:\Users\XXX\Desktop\Unbenannt 1.odt
[2011.01.15 17:33:43 | 000,000,098 | -H-- | C] () -- C:\Users\XXX\Desktop\.~lock.RBCQuiz.doc#
[2011.01.15 17:14:11 | 000,001,221 | ---- | C] () -- C:\Users\XXX\Desktop\Eigene Dokumente - Verknüpfung.lnk
[2011.01.15 17:12:52 | 000,026,727 | ---- | C] () -- C:\Users\XXX\Desktop\Desktop.zip
[2011.01.15 16:31:05 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2011.01.15 16:23:30 | 000,143,440 | ---- | C] () -- C:\Users\XXX\Desktop\RegSichERDNT.png
[2011.01.15 16:20:24 | 000,001,078 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.01.15 16:20:20 | 000,000,898 | ---- | C] () -- C:\Users\XXX\Desktop\NTREGOPT.lnk
[2011.01.15 16:20:20 | 000,000,879 | ---- | C] () -- C:\Users\XXX\Desktop\ERUNT.lnk
[2011.01.15 16:07:37 | 000,296,448 | ---- | C] () -- C:\Users\XXX\Desktop\g2m3e4r.exe
[2011.01.15 16:07:36 | 000,050,477 | ---- | C] () -- C:\Users\XXX\Desktop\defogger.exe
[2011.01.08 14:11:17 | 000,016,432 | ---- | C] () -- C:\Users\XXX\Documents\Columbo-Brief.odt
[2011.01.07 21:00:31 | 000,022,260 | ---- | C] () -- C:\Users\XXX\Documents\ChatVorAbflugKaribik2011.odt
[2011.01.07 20:21:55 | 000,001,807 | ---- | C] () -- C:\Users\XXX\Documents\190865228 Erzsi - Verknüpfung.lnk
[2011.01.07 19:16:11 | 000,138,824 | ---- | C] () -- C:\Users\XXX\Documents\helicopter gone wild iraq.htm
[2011.01.06 10:18:40 | 000,001,204 | ---- | C] () -- C:\Users\XXX\Eigene Bilder - Verknüpfung.lnk
[2011.01.01 20:53:32 | 000,001,220 | ---- | C] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk
[2010.12.27 21:00:00 | 000,019,850 | ---- | C] () -- C:\Users\XXX\Documents\Chat.odt
[2010.12.23 22:00:17 | 000,001,037 | ---- | C] () -- C:\Users\XXX\Documents\20101223 - Verknüpfung.lnk
[2010.12.22 16:12:53 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.12.22 16:12:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.12.22 16:12:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.12.22 16:12:53 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.12.22 16:12:53 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.12.22 16:12:53 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.12.22 16:12:53 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.12.22 16:12:53 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010.12.22 16:12:53 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.12.22 16:12:53 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010.12.22 16:12:53 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010.12.22 16:12:53 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010.12.22 16:12:53 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010.12.22 16:12:53 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010.12.22 16:12:53 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010.12.22 16:12:53 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010.12.22 16:12:53 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010.12.22 16:12:53 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010.12.22 16:12:53 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010.12.22 16:12:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.12.22 16:12:53 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010.12.22 16:12:53 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010.12.22 16:12:53 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.12.22 16:12:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.12.22 16:12:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.12.22 16:12:53 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.12.22 16:12:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.12.22 16:12:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.12.22 16:12:53 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.12.22 16:12:53 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.12.22 16:12:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.12.22 16:12:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.22 16:02:37 | 000,001,179 | ---- | C] () -- C:\Users\XXX\Documents\FS30_FS11_FS10_FS9 Bedienungsanleitung.lnk
[2010.11.20 02:22:16 | 000,164,992 | ---- | C] () -- C:\Windows\System32\drivers\athsgt.sys
[2010.11.20 02:22:15 | 000,012,544 | ---- | C] () -- C:\Windows\System32\drivers\limsgt.sys
[2010.11.16 23:18:31 | 000,000,024 | ---- | C] () -- C:\ProgramData\__FileUploader.log
[2010.11.16 19:10:50 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2010.11.16 19:10:50 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2010.11.16 19:10:49 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2010.11.16 19:10:49 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2010.11.16 19:10:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2010.10.13 20:56:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.27 10:47:47 | 000,005,632 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 16:27:28 | 000,000,081 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2010.08.04 16:10:37 | 000,000,000 | ---- | C] () -- C:\Windows\MusicEditor.INI
[2010.08.04 15:21:40 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2010.08.04 15:19:36 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.07.27 14:37:03 | 000,007,602 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2010.05.03 00:08:57 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.01 22:53:33 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.22 21:21:17 | 000,000,650 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2010.01.17 15:19:56 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.01.16 18:36:13 | 000,000,165 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\default.rss
[2010.01.15 19:31:55 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.01.15 19:31:54 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.01.15 19:31:28 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.09.11 11:31:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\XXX\AppData\Roaming\MafiaSetup.exe
 
========== LOP Check ==========
 
[2010.04.21 15:15:57 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\1morebee
[2011.01.14 04:09:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bandoo
[2010.04.21 23:27:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\BeachPartyCraze
[2010.05.01 21:55:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DeepBurner
[2010.03.12 18:23:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Die3Fragezeichen.air.E3673E89C7100A8BC0BBF73ECA7ED56FF289B8D3.1
[2010.04.21 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\EleFun Games
[2010.08.29 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\freshgames
[2010.04.21 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Gaijin Ent
[2011.01.07 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2010.08.04 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX
[2010.03.12 18:23:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org
[2010.03.12 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ProtectDisc
[2010.04.20 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Shape games
[2010.04.21 01:02:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TitanicMystery
[2010.03.12 18:23:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ubi.com
[2010.04.16 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Uniblue
[2010.04.10 13:04:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer
[2010.04.21 17:21:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\YoudaGames
[2010.10.20 01:08:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:DE4686B2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:6E11933F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:93226FE3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B093E177
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:8DA9DB01

< End of report >
--- --- ---
================================================================OTL Logfile:
Code:
OTL Extras logfile created on: 15.01.2011 18:20:40 - Run 2
OTL by OldTimer - Version 3.2.20.2    Folder = C:\Users\admin\Desktop\MFTools
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,06 Gb Total Space | 245,11 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive D: | 15,67 Gb Total Space | 2,68 Gb Free Space | 17,09% Space Free | Partition Type: FAT32
Drive J: | 298,09 Gb Total Space | 10,39 Gb Free Space | 3,49% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}" = True Crime - Streets of LA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2123EBD9-7017-8368-9FA1-26B6217EE7DA}" = Die drei Fragezeichen - Das Quiz
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50BDEE48-814D-C4BF-D9D9-5AFDC6AE5794}" = ATI Catalyst Install Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FE52176-F151-431E-9FCE-55CEDE7DBDAF}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{82680B83-6A0B-4501-9D97-CCE4F9D2BCC8}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D8054DBA-9404-496B-AE92-67DB96C6243B}" = 1914 - The Great War
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B16013-896E-41CB-8D8A-AFF1CE38841D}" = Imagine Picture Viewer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FAAA508A-05C0-488B-BFC2-F9217E545A81}" = Logitech Gaming Software
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"avast5" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"ClearProg" = ClearProg 1.6.0 Final
"Die3Fragezeichen.air.E3673E89C7100A8BC0BBF73ECA7ED56FF289B8D3.1" = Die drei Fragezeichen - Das Quiz
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX Unified" = EAX Unified
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"Firebird SQL Server D" = Firebird SQL Server (D)
"Fraps" = Fraps
"HijackThis" = HijackThis 2.0.2
"HP Photo Creations" = HP Photo Creations
"IL-2 Sturmovik" = IL-2 Sturmovik
"InstallShield_{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}" = True Crime - Streets of LA
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Standard)
"Luxus Liner Tycoon" = Luxus Liner Tycoon
"Mafia" = Mafia
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX Music Cleaning Lab 2006 deluxe D" = MAGIX Music Cleaning Lab 2006 deluxe (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"RTL Biathlon 2009" = RTL Biathlon 2009
"RTL Winter Sports 2009" = RTL Winter Sports 2009
"Searchqu MediaBar" = Windows Searchqu Toolbar
"Ski Alpin Racing 2007_0001" = Ski Alpin Racing 2007
"Steam App 50130" = Mafia II
"Uninstall_is1" = Uninstall 1.0.0.1
"WinAce Archiver" = WinAce Archiver
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

RayParker 15.01.2011 18:30
OTL Logfile:
Code:
OTL logfile created on: 15.01.2011 18:20:40 - Run 2
OTL by OldTimer - Version 3.2.20.2    Folder = C:\Users\XXX\Desktop\MFTools
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,06 Gb Total Space | 245,11 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive D: | 15,67 Gb Total Space | 2,68 Gb Free Space | 17,09% Space Free | Partition Type: FAT32
Drive J: | 298,09 Gb Total Space | 10,39 Gb Free Space | 3,49% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXX\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Fun4IM Coordinator) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (athsgt) -- C:\Windows\System32\drivers\athsgt.sys ()
DRV - (limsgt) -- C:\Windows\System32\drivers\limsgt.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SASKUTIL) -- C:\Users\XXX\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Users\XXX\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (CyberLink Corp.)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme\HomeCinema\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Medion | MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/403"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.02 23:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.11.27 10:48:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 13:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 13:02:31 | 000,000,000 | ---D | M]
 
[2011.01.13 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2011.01.15 17:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\at5r9ho1.default\extensions
[2010.09.09 19:48:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\at5r9ho1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.15 14:19:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\at5r9ho1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.10 17:28:49 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\at5r9ho1.default\extensions\finder@meingutscheincode.de
[2010.10.28 09:41:06 | 000,005,529 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchplugins\SearchquWebSearch.xml
[2011.01.13 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.02 23:56:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.28 09:41:06 | 000,005,529 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.15 15:01:44 | 000,428,664 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14761 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Programme\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Programme\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [LaunchList] C:\Programme\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} -  File not found
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} -  File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wia6eb~1\datamngr\datamngr.dll) - c:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\fun4im\bndhook.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\LIVESSP.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.16 19:10:50 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.15 17:18:03 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\HP
[2011.01.15 17:17:10 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Magix
[2011.01.15 17:16:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\DVDProgs
[2011.01.15 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Spiele
[2011.01.15 16:22:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.15 16:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.15 16:20:19 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.15 16:07:32 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\MFTools
[2011.01.14 04:09:18 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Bandoo
[2011.01.13 18:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011.01.13 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM
[2011.01.13 18:48:42 | 000,000,000 | ---D | C] -- C:\Programme\Windows Searchqu Toolbar
[2011.01.13 18:48:40 | 000,000,000 | ---D | C] -- C:\Programme\Fun4IM
[2011.01.12 05:23:35 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 05:23:33 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.12 05:23:33 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.12 05:23:33 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.12 05:23:33 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.12 05:23:32 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.12 05:23:32 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.12 05:23:32 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.12 05:23:32 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.12 05:23:32 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.12 05:23:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.12 05:23:31 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.12 05:23:31 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.12 05:23:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.12 05:23:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.12 05:23:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.09 20:34:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Concord PDF
[2011.01.06 03:01:24 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.01.02 14:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce
[2011.01.02 14:53:39 | 000,000,000 | ---D | C] -- C:\Programme\WinAce
[2011.01.01 20:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010.12.26 15:33:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\20101226
[2010.12.25 11:40:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\20101225
[2010.12.23 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\20101223
[2010.12.22 16:15:29 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Panasonic
[2010.12.22 16:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2010.12.22 16:12:53 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2010.12.22 16:12:53 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2010.12.22 16:12:53 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2010.12.22 16:12:53 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2010.12.22 16:12:53 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll
[2010.12.22 16:09:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Panasonic
[2010.12.22 16:09:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.12.22 16:02:34 | 000,000,000 | ---D | C] -- C:\Programme\Panasonic
[2010.12.22 16:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2010.12.17 21:30:38 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft Games
[3 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.15 17:52:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.15 17:34:28 | 000,008,367 | ---- | M] () -- C:\Users\XXX\Desktop\Unbenannt 1.odt
[2011.01.15 17:34:28 | 000,000,098 | -H-- | M] () -- C:\Users\XXX\Desktop\.~lock.Unbenannt 1.odt#
[2011.01.15 17:33:43 | 000,000,098 | -H-- | M] () -- C:\Users\XXX\Desktop\.~lock.RBCQuiz.doc#
[2011.01.15 17:14:11 | 000,001,221 | ---- | M] () -- C:\Users\XXX\Desktop\Eigene Dokumente - Verknüpfung.lnk
[2011.01.15 17:12:52 | 000,026,727 | ---- | M] () -- C:\Users\XXX\Desktop\Desktop.zip
[2011.01.15 16:42:42 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.15 16:42:42 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.15 16:39:44 | 000,710,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.15 16:39:44 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.15 16:39:44 | 000,153,326 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.15 16:39:44 | 000,123,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.15 16:35:33 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.15 16:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.15 16:35:14 | 2414,485,504 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.15 16:31:05 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable
[2011.01.15 16:23:30 | 000,143,440 | ---- | M] () -- C:\Users\XXX\Desktop\RegSichERDNT.png
[2011.01.15 16:20:24 | 000,001,078 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.01.15 16:20:20 | 000,000,898 | ---- | M] () -- C:\Users\XXX\Desktop\NTREGOPT.lnk
[2011.01.15 16:20:20 | 000,000,879 | ---- | M] () -- C:\Users\XXX\Desktop\ERUNT.lnk
[2011.01.15 16:07:38 | 000,296,448 | ---- | M] () -- C:\Users\XXX\Desktop\g2m3e4r.exe
[2011.01.15 16:07:36 | 000,050,477 | ---- | M] () -- C:\Users\XXX\Desktop\defogger.exe
[2011.01.15 15:01:44 | 000,428,664 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.01.15 02:50:17 | 000,058,368 | ---- | M] () -- C:\Users\XXX\Desktop\RBCQuiz.doc
[2011.01.14 21:30:07 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.01.13 01:04:54 | 000,011,448 | ---- | M] () -- C:\Users\XXX\Documents\Tel.-Liste.odt
[2011.01.10 18:36:03 | 000,007,602 | ---- | M] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2011.01.08 14:11:19 | 000,016,432 | ---- | M] () -- C:\Users\XXX\Documents\Columbo-Brief.odt
[2011.01.07 21:00:35 | 000,022,260 | ---- | M] () -- C:\Users\XXX\Documents\ChatVorAbflugKaribik2011.odt
[2011.01.07 20:21:55 | 000,001,807 | ---- | M] () -- C:\Users\XXX\Documents\190865228 Erzsi - Verknüpfung.lnk
[2011.01.07 19:16:17 | 000,138,824 | ---- | M] () -- C:\Users\XXX\Documents\helicopter gone wild iraq.htm
[2011.01.06 10:18:40 | 000,001,204 | ---- | M] () -- C:\Users\XXX\Eigene Bilder - Verknüpfung.lnk
[2011.01.05 20:50:00 | 000,019,850 | ---- | M] () -- C:\Users\XXX\Documents\Chat.odt
[2011.01.01 22:25:39 | 000,428,400 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110115-150144.backup
[2011.01.01 20:53:32 | 000,001,220 | ---- | M] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk
[2010.12.23 22:00:17 | 000,001,037 | ---- | M] () -- C:\Users\XXX\Documents\20101223 - Verknüpfung.lnk
[2010.12.23 11:16:31 | 000,507,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.22 17:41:24 | 000,001,179 | ---- | M] () -- C:\Users\XXX\Documents\FS30_FS11_FS10_FS9 Bedienungsanleitung.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.15 17:34:01 | 000,000,098 | -H-- | C] () -- C:\Users\XXX\Desktop\.~lock.Unbenannt 1.odt#
[2011.01.15 17:34:00 | 000,008,367 | ---- | C] () -- C:\Users\XXX\Desktop\Unbenannt 1.odt
[2011.01.15 17:33:43 | 000,000,098 | -H-- | C] () -- C:\Users\XXX\Desktop\.~lock.RBCQuiz.doc#
[2011.01.15 17:14:11 | 000,001,221 | ---- | C] () -- C:\Users\XXX\Desktop\Eigene Dokumente - Verknüpfung.lnk
[2011.01.15 17:12:52 | 000,026,727 | ---- | C] () -- C:\Users\XXX\Desktop\Desktop.zip
[2011.01.15 16:31:05 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2011.01.15 16:23:30 | 000,143,440 | ---- | C] () -- C:\Users\XXX\Desktop\RegSichERDNT.png
[2011.01.15 16:20:24 | 000,001,078 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.01.15 16:20:20 | 000,000,898 | ---- | C] () -- C:\Users\XXX\Desktop\NTREGOPT.lnk
[2011.01.15 16:20:20 | 000,000,879 | ---- | C] () -- C:\Users\XXX\Desktop\ERUNT.lnk
[2011.01.15 16:07:37 | 000,296,448 | ---- | C] () -- C:\Users\XXX\Desktop\g2m3e4r.exe
[2011.01.15 16:07:36 | 000,050,477 | ---- | C] () -- C:\Users\XXX\Desktop\defogger.exe
[2011.01.08 14:11:17 | 000,016,432 | ---- | C] () -- C:\Users\XXX\Documents\Columbo-Brief.odt
[2011.01.07 21:00:31 | 000,022,260 | ---- | C] () -- C:\Users\XXX\Documents\ChatVorAbflugKaribik2011.odt
[2011.01.07 20:21:55 | 000,001,807 | ---- | C] () -- C:\Users\XXX\Documents\190865228 Erzsi - Verknüpfung.lnk
[2011.01.07 19:16:11 | 000,138,824 | ---- | C] () -- C:\Users\XXX\Documents\helicopter gone wild iraq.htm
[2011.01.06 10:18:40 | 000,001,204 | ---- | C] () -- C:\Users\XXX\Eigene Bilder - Verknüpfung.lnk
[2011.01.01 20:53:32 | 000,001,220 | ---- | C] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk
[2010.12.27 21:00:00 | 000,019,850 | ---- | C] () -- C:\Users\XXX\Documents\Chat.odt
[2010.12.23 22:00:17 | 000,001,037 | ---- | C] () -- C:\Users\XXX\Documents\20101223 - Verknüpfung.lnk
[2010.12.22 16:12:53 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.12.22 16:12:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.12.22 16:12:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.12.22 16:12:53 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.12.22 16:12:53 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.12.22 16:12:53 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.12.22 16:12:53 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.12.22 16:12:53 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010.12.22 16:12:53 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.12.22 16:12:53 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010.12.22 16:12:53 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010.12.22 16:12:53 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010.12.22 16:12:53 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010.12.22 16:12:53 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010.12.22 16:12:53 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010.12.22 16:12:53 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010.12.22 16:12:53 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010.12.22 16:12:53 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010.12.22 16:12:53 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010.12.22 16:12:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.12.22 16:12:53 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010.12.22 16:12:53 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010.12.22 16:12:53 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.12.22 16:12:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.12.22 16:12:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.12.22 16:12:53 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.12.22 16:12:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.12.22 16:12:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.12.22 16:12:53 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.12.22 16:12:53 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.12.22 16:12:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.12.22 16:12:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.22 16:02:37 | 000,001,179 | ---- | C] () -- C:\Users\XXX\Documents\FS30_FS11_FS10_FS9 Bedienungsanleitung.lnk
[2010.11.20 02:22:16 | 000,164,992 | ---- | C] () -- C:\Windows\System32\drivers\athsgt.sys
[2010.11.20 02:22:15 | 000,012,544 | ---- | C] () -- C:\Windows\System32\drivers\limsgt.sys
[2010.11.16 23:18:31 | 000,000,024 | ---- | C] () -- C:\ProgramData\__FileUploader.log
[2010.11.16 19:10:50 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2010.11.16 19:10:50 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2010.11.16 19:10:49 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2010.11.16 19:10:49 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2010.11.16 19:10:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2010.10.13 20:56:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.27 10:47:47 | 000,005,632 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 16:27:28 | 000,000,081 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2010.08.04 16:10:37 | 000,000,000 | ---- | C] () -- C:\Windows\MusicEditor.INI
[2010.08.04 15:21:40 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2010.08.04 15:19:36 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.07.27 14:37:03 | 000,007,602 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2010.05.03 00:08:57 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.01 22:53:33 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.22 21:21:17 | 000,000,650 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2010.01.17 15:19:56 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.01.16 18:36:13 | 000,000,165 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\default.rss
[2010.01.15 19:31:55 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.01.15 19:31:54 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.01.15 19:31:28 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.09.11 11:31:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\XXX\AppData\Roaming\MafiaSetup.exe
 
========== LOP Check ==========
 
[2010.04.21 15:15:57 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\1morebee
[2011.01.14 04:09:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bandoo
[2010.04.21 23:27:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\BeachPartyCraze
[2010.05.01 21:55:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DeepBurner
[2010.03.12 18:23:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Die3Fragezeichen.air.E3673E89C7100A8BC0BBF73ECA7ED56FF289B8D3.1
[2010.04.21 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\EleFun Games
[2010.08.29 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\freshgames
[2010.04.21 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Gaijin Ent
[2011.01.07 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2010.08.04 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX
[2010.03.12 18:23:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org
[2010.03.12 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ProtectDisc
[2010.04.20 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Shape games
[2010.04.21 01:02:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TitanicMystery
[2010.03.12 18:23:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ubi.com
[2010.04.16 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Uniblue
[2010.04.10 13:04:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer
[2010.04.21 17:21:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\YoudaGames
[2010.10.20 01:08:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:DE4686B2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:6E11933F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:93226FE3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B093E177
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:8DA9DB01

< End of report >
--- --- ---
================================================================OTL Logfile:
Code:
OTL Extras logfile created on: 15.01.2011 18:20:40 - Run 2
OTL by OldTimer - Version 3.2.20.2    Folder = C:\Users\admin\Desktop\MFTools
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,06 Gb Total Space | 245,11 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive D: | 15,67 Gb Total Space | 2,68 Gb Free Space | 17,09% Space Free | Partition Type: FAT32
Drive J: | 298,09 Gb Total Space | 10,39 Gb Free Space | 3,49% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}" = True Crime - Streets of LA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2123EBD9-7017-8368-9FA1-26B6217EE7DA}" = Die drei Fragezeichen - Das Quiz
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50BDEE48-814D-C4BF-D9D9-5AFDC6AE5794}" = ATI Catalyst Install Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FE52176-F151-431E-9FCE-55CEDE7DBDAF}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{82680B83-6A0B-4501-9D97-CCE4F9D2BCC8}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D8054DBA-9404-496B-AE92-67DB96C6243B}" = 1914 - The Great War
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B16013-896E-41CB-8D8A-AFF1CE38841D}" = Imagine Picture Viewer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FAAA508A-05C0-488B-BFC2-F9217E545A81}" = Logitech Gaming Software
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"avast5" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"ClearProg" = ClearProg 1.6.0 Final
"Die3Fragezeichen.air.E3673E89C7100A8BC0BBF73ECA7ED56FF289B8D3.1" = Die drei Fragezeichen - Das Quiz
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX Unified" = EAX Unified
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"Firebird SQL Server D" = Firebird SQL Server (D)
"Fraps" = Fraps
"HijackThis" = HijackThis 2.0.2
"HP Photo Creations" = HP Photo Creations
"IL-2 Sturmovik" = IL-2 Sturmovik
"InstallShield_{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}" = True Crime - Streets of LA
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Standard)
"Luxus Liner Tycoon" = Luxus Liner Tycoon
"Mafia" = Mafia
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX Music Cleaning Lab 2006 deluxe D" = MAGIX Music Cleaning Lab 2006 deluxe (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"RTL Biathlon 2009" = RTL Biathlon 2009
"RTL Winter Sports 2009" = RTL Winter Sports 2009
"Searchqu MediaBar" = Windows Searchqu Toolbar
"Ski Alpin Racing 2007_0001" = Ski Alpin Racing 2007
"Steam App 50130" = Mafia II
"Uninstall_is1" = Uninstall 1.0.0.1
"WinAce Archiver" = WinAce Archiver
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

markusg 15.01.2011 18:48
1. deinstaliere spybot, es stört die reinigung, neustart.
2.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

RayParker 15.01.2011 19:33
Combofix Logfile:
Code:
ComboFix 11-01-14.01 - XXX 15.01.2011  19:07:43.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3070.1978 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchplugins\SearchquWebSearch.xml
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\games\GameCategories.xml
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\games\GameTypes.xml
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\guid.dat
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\preferences.dat
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\stats.dat
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\uninstallFF.dat
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\weather\19b4beeefe65860aff32fba675029a4c
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\weather\6fe29b9b24cc3e1a3919cc9136e503c9
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\weather\forecasts_cache.xml
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\weather\observations_cache.xml
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\weatherbutton_prefs.xml
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\widgets_cache\category_cache.xml
c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchqutb\widgets_cache\widget_cache.xml
c:\users\XXX\RUNSAS.EXE
c:\users\XXX\Uninstall.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-15 bis 2011-01-15  ))))))))))))))))))))))))))))))
.

2011-01-15 18:14 . 2011-01-15 18:14        --------        d-----w-        c:\users\XXX\AppData\Local\temp
2011-01-15 18:14 . 2011-01-15 18:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-15 15:20 . 2011-01-15 15:20        --------        d-----w-        c:\program files\ERUNT
2011-01-14 03:09 . 2011-01-14 03:09        --------        d-----w-        c:\users\XXX\AppData\Roaming\Bandoo
2011-01-13 17:48 . 2011-01-14 03:21        --------        d-----w-        c:\programdata\Bandoo
2011-01-13 17:48 . 2011-01-13 17:48        --------        d-----w-        c:\programdata\Fun4IM
2011-01-13 17:48 . 2011-01-14 09:14        --------        d-----w-        c:\program files\Fun4IM
2011-01-06 02:01 . 2011-01-06 02:01        --------        d-sh--w-        c:\windows\system32\%APPDATA%
2011-01-02 13:53 . 2011-01-02 13:54        --------        d-----w-        c:\program files\WinAce
2010-12-22 15:15 . 2010-12-22 18:23        --------        d-----w-        c:\users\XXX\AppData\Local\Panasonic
2010-12-22 15:15 . 2010-12-22 15:15        --------        d-----w-        c:\programdata\Panasonic
2010-12-22 15:12 . 2007-06-21 23:10        501912        ----a-w-        c:\windows\system32\PICSDK2.dll
2010-12-22 15:12 . 2006-10-30 23:10        71840        ----a-w-        c:\windows\system32\EPPicMgr.dll
2010-12-22 15:12 . 2006-10-30 23:10        120992        ----a-w-        c:\windows\system32\EpPicPrt.dll
2010-12-22 15:12 . 2006-10-19 23:10        80024        ----a-w-        c:\windows\system32\PICSDK.dll
2010-12-22 15:12 . 2006-10-19 23:10        108704        ----a-w-        c:\windows\system32\PICEntry.dll
2010-12-22 15:09 . 2010-12-26 15:07        --------        d-----w-        c:\program files\Common Files\Panasonic
2010-12-22 15:09 . 2010-12-22 15:09        --------        d-----w-        c:\program files\Microsoft Synchronization Services
2010-12-22 15:02 . 2010-12-26 15:06        --------        d-----w-        c:\program files\Panasonic
2010-12-17 20:30 . 2010-12-17 21:23        --------        d-----w-        c:\users\XXX\AppData\Local\Microsoft Games

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-07-27 13:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-07-27 13:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2010-11-20 01:22 . 2010-11-20 01:22        164992        ----a-w-        c:\windows\system32\drivers\athsgt.sys
2010-11-20 01:22 . 2010-11-20 01:22        12544        ----a-w-        c:\windows\system32\drivers\limsgt.sys
2010-11-04 05:52 . 2010-12-15 07:52        978944        ----a-w-        c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 07:52        44544        ----a-w-        c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 07:52        386048        ----a-w-        c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 07:52        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 07:52        351232        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 07:52        496128        ----a-w-        c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 07:52        305152        ----a-w-        c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 07:52        749056        ----a-w-        c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 07:52        192000        ----a-w-        c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 07:52        179712        ----a-w-        c:\windows\system32\schtasks.exe
2010-10-27 04:32 . 2010-12-15 07:52        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-10-20 04:54 . 2010-12-15 07:52        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-10-20 03:00 . 2010-12-15 07:52        2327552        ----a-w-        c:\windows\system32\win32k.sys
2010-10-20 02:58 . 2010-12-15 07:52        294400        ----a-w-        c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-10-15 1410344]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-04 75048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-02 202256]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-5 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorXXX"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-27 10:03        2424560        ----a-w-        c:\users\XXX\SUPERANTISPYWARE.EXE

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~1\Fun4IM\Bandoo.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2005-08-10 1527900]
R3 gel90xne;gel90xne;c:\users\XXX\AppData\Local\Temp\gel90xne.sys [x]
R3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\users\XXX\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\users\XXX\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/09/14 11:43];c:\program files\HomeCinema\PlayMovie\000.fcl [2009-03-06 12:51 87536]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/09/14 11:43];c:\program files\HomeCinema\PowerDVD8\000.fcl [2009-03-04 23:47 87536]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 athsgt;athsgt;c:\windows\system32\DRIVERS\athsgt.sys [2010-11-20 164992]
S2 limsgt;limsgt;c:\windows\system32\DRIVERS\limsgt.sys [2010-11-20 12544]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - afw
*Deregistered* - afwcore
*Deregistered* - BdFileSpy
.
Inhalt des "geplante Tasks" Ordners

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 11:42]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 11:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchqu.com/403
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} -
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} -
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/403
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-DATAMNGR - c:\progra~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\users\XXX\Uninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\mpDRM\LicenseStore*]
"CheckValue"=dword:9f10ccea
"738A7618"="880E4501"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-15  19:16:42
ComboFix-quarantined-files.txt  2011-01-15 18:16

Vor Suchlauf: 7 Verzeichnis(se), 261.634.125.824 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 261.528.797.184 Bytes frei

- - End Of File - - 6E0F8199C4E18DB80A32775E4BA5D21E
--- --- ---

markusg 15.01.2011 19:41
bitte mal testen und sagen obs wieder klappt

RayParker 15.01.2011 19:48
Jawoll, alles im Lot! Na, das ging ja dann doch ganz fix, danke sehr!

markusg 15.01.2011 20:17
update malwarebytes, komplett scan, funde löschen, log posten bitte

RayParker 15.01.2011 21:06
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5525

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.01.2011 21:04:49
mbam-log-2011-01-15 (21-04-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 285803
Laufzeit: 37 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

markusg 16.01.2011 11:53
lade den ccleaner slim:
Piriform - Builds
falls der ccleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

RayParker 16.01.2011 14:01
1914 - The Great War (UNNÖTIG) JoWooD Productions Software AG / TriNodE Entertainment GmbH 23.10.2010 1.110MB 1.00.0000
2007 Microsoft Office system (BENÖTIGT) Microsoft Corporation 14.01.2011 12.0.6425.1000
7-Zip 4.65 (BENÖTIGT(?)) 14.01.2011
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 14.01.2011
Adobe AIR(BENÖTIGT) Adobe Systems Inc. 14.01.2011 1.5.3.9130
Adobe Flash Player 10 ActiveX(BENÖTIGT) Adobe Systems Incorporated 14.01.2011 10.0.12.36
Adobe Flash Player 10 Plugin(BENÖTIGT) Adobe Systems Incorporated 14.01.2011 6,00MB 10.1.102.64
Adobe Photoshop Elements 2.0(BENÖTIGT) Adobe Systems, Inc. 14.01.2011 2.0
Adobe Reader 9.4.1 - Deutsch(BENÖTIGT) Adobe Systems Incorporated 18.11.2010 167,4MB 9.4.1
Apple Application Support (UNBEKANNT) Apple Inc. 12.12.2010 52,7MB 1.4.1
Apple Software Update (UNBEKANNT) Apple Inc. 05.04.2010 2,16MB 2.1.1.116
ATI Catalyst Install Manager (BENÖTIGT) ATI Technologies, Inc. 10.09.2009 13,8MB 3.0.715.0
avast! Free Antivirus (BENÖTIGT) Alwil Software 14.01.2011 5.0.677.0
Business Contact Manager für Outlook 2007 SP2 Microsoft Corporation 14.01.2011 3.0.8619.1
Ccleaner (BENÖTIGT) Piriform 15.01.2011 3.02
ClearProg 1.6.0 Final (UNNÖTIG) Sven Hoffman 14.01.2011 1.6.0 Final
CyberLink PowerDVD 8 (UNNÖTIG) CyberLink Corp. 13.09.2009 139,9MB 8.0.2705
CyberLink PowerProducer (UNBEKANNT) CyberLink Corp. 13.09.2009 166,1MB 5.0.1.1412
Die drei Fragezeichen - Das Quiz(UNNÖTIG) United Soft Media Verlag GmbH 14.01.2011 4.6
DivX Codec (BENÖTIGT(?)) DivX, Inc. 14.01.2011 6.9.1
DivX Converter (BENÖTIGT(?)) DivX, Inc. 14.01.2011 7.1.0
DivX Player (BENÖTIGT(?))DivX, Inc. 14.01.2011 7.2.0
DivX Plus DirectShow Filters(BENÖTIGT(?)) DivX, Inc. 14.01.2011
DivX Plus Web Player(BENÖTIGT(?)) DivX,Inc. 14.01.2011 2.0.0
EAX Unified (UNBEKANNT) 14.01.2011
eMule (BENÖTIGT) 14.01.2011
ERUNT 1.1j (UNNÖTIG(?)) Lars Hederer 14.01.2011
Firebird SQL Server (D) (BENÖTIGT) 14.01.2011 1.5.2.4732
Fraps (BENÖTIGT) 14.01.2011
Google Earth (BENÖTIGT)Google 30.09.2010 85,4MB 5.2.1.1588
Grand Prix 4 (UNNÖTIG) 14.01.2011
HijackThis 2.0.2(BENÖTIGT) TrendMicro 14.01.2011 2.0.2
HP Deskjet 1050 J410 series (BENÖTIGT)- Grundlegende Software für das Gerät Hewlett-Packard Co. 25.11.2010 88,5MB 22.0.334.0
HP Deskjet 1050 J410 series Hilfe(BENÖTIGT) Hewlett Packard 25.11.2010 12,1MB 140.0.66.66
HP Photo Creations (BENÖTIGT)HP Photo Creations Powered by RocketLife 14.01.2011 14,6MB 1.0.0.3341
HP Update (BENÖTIGT)Hewlett-Packard 25.11.2010 2,97MB 5.002.005.003
ICQ7.2(BENÖTIGT) ICQ 08.08.2010 7.2
IL-2 Sturmovik(BENÖTIGT) 14.01.2011
IL-2 Sturmovik: Forgotten Battles(BENÖTIGT) Ubi Soft 07.10.2010 1.165MB 1.00.0000
Imagine Picture Viewer(BENÖTIGT) New Dreams Software 02.02.2010 8,58MB 2.2.3
K-Lite Codec Pack 5.9.0 (Standard) (BENÖTIGT(?)) 02.05.2010 24,3MB 5.9.0
Logitech Gaming Software(BENÖTIGT) Logitech 02.12.2010 8,71MB 4.25
Luxus Liner Tycoon(UNNÖTIG) Purplehills 14.01.2011 1.0.0.4
Mafia (BENÖTIGT) 14.01.2011
Mafia II(BENÖTIGT) 2K Czech 14.01.2011
MAGIX Foto Manager 2006 (D)(BENÖTIGT) MAGIX AG 14.01.2011 3.0.1.84
MAGIX Music Cleaning Lab 2006 deluxe(BENÖTIGT) (D) MAGIX AG 14.01.2011 7.0.0.0
MAGIX Music Manager (D)(BENÖTIGT) MAGIX AG 14.01.2011 1.1.1.692
MAGIX Online Druck Service(BENÖTIGT) Silverwire Software GmbH 14.01.2011
Malwarebytes' Anti-Malware (BENÖTIGT)Malwarebytes Corporation 14.01.2011 10,5MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 14.01.2011 38,8MB 4.0.30319(BENÖTIGT(?))
Microsoft Office 2003 Web Components (BENÖTIGT(?))Microsoft Corporation 15.09.2010 38,1MB 11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies (BENÖTIGT(?))Microsoft Corporation 18.06.2010 15,9MB 12.0.4518.1014
Microsoft Office Live Add-in 1.5 (UNNÖTIG(?))Microsoft Corporation 27.05.2010 0,50MB 2.0.4024.1
Microsoft Office Outlook Connector (UNNÖTIG)Microsoft Corporation 13.09.2009 6,13MB 12.0.6423.1000
Microsoft Office Small Business Connectivity Components(UNNÖTIG) Microsoft Corporation 13.09.2009 0,15MB 2.0.7024.0
Microsoft Primary Interoperability Assemblies 2005(UNNÖTIG(?)) Microsoft Corporation 01.05.2010 7,71MB 8.0.50727.42
Microsoft Silverlight (UNNÖTIG(?))Microsoft Corporation 05.01.2011 136,7MB 4.0.51204.0
Microsoft SQL Server 2005 (BENÖTIGT)Microsoft Corporation 14.01.2011
Microsoft SQL Server 2005 Compact Edition (BENÖTIGT)[DEU] Microsoft Corporation 13.09.2009 0,32MB 3.1.0000
Microsoft SQL Server 2005 Compact Edition (BENÖTIGT)[ENU] Microsoft Corporation 13.09.2009 1,74MB 3.1.0000
Microsoft SQL Server Compact 3.5 SP1 English(BENÖTIGT) Microsoft Corporation 21.12.2010 2,59MB 3.5.5692.0
Microsoft SQL Server Native Client (BENÖTIGT)Microsoft Corporation 13.09.2009 2,63MB 9.00.4035.00
Microsoft SQL Server VSS Writer (BENÖTIGT)Microsoft Corporation 13.09.2009 0,68MB 9.00.4035.00
Microsoft Sync Framework Runtime Native v1.0 (x86)(BENÖTIGT) Microsoft Corporation 13.09.2009 0,61MB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)(BENÖTIGT) Microsoft Corporation 13.09.2009 1,45MB 1.0.1215.0
Microsoft Visual C++ 2005 ATL(BENÖTIGT) Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 10.09.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (BENÖTIGT)Microsoft Corporation 13.01.2010 0,33MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable(BENÖTIGT) - x86 9.0.30729.17 Microsoft Corporation 01.05.2010 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable(BENÖTIGT) - x86 9.0.30729.4148 Microsoft Corporation 13.04.2010 0,58MB 9.0.30729.4148
Mozilla Firefox (3.6.13)(BENÖTIGT) Mozilla 14.01.2011 3.6.13 (de)
MSXML 4.0 SP2 (KB927978)(BENÖTIGT) Microsoft Corporation 13.09.2009 34,00KB 4.20.9841.0
MSXML 4.0 SP2 (KB954430)(BENÖTIGT) Microsoft Corporation 13.09.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688)(BENÖTIGT) Microsoft Corporation 13.01.2010 1,34MB 4.20.9876.0
Nero 8 Essentials(BENÖTIGT) Nero AG 26.08.2010 1.857MB 8.10.284
NVIDIA Drivers(BENÖTIGT) NVIDIA Corporation 14.01.2011 1.9
NVIDIA PhysX(BENÖTIGT) NVIDIA Corporation 14.08.2010 73,2MB 9.10.0513
OpenOffice.org 3.2(BENÖTIGT) OpenOffice.org 01.03.2010 296MB 3.2.9483
PDFCreator(BENÖTIGT) Frank Heindörfer, Philip Chinery 26.11.2010 1.1.0
Pinnacle Instant DVD Recorder(UNNÖTIG) 14.01.2011 2.00.088
Play Movie(UNBEKANNT) CyberLink Corp. 14.01.2011 1.5.5106.0
ProtectDisc Driver, Version 11(UNBEKANNT) ProtectDisc Software GmbH 14.01.2011 11.0.0.11
QuickTime(UNNÖTIG) Apple Inc. 12.12.2010 73,7MB 7.69.80.9
RealPlayer(BENÖTIGT) RealNetworks 14.01.2011
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver (BENÖTIGT)for Windows Vista Realtek 10.09.2009 1.00.0000
Realtek High Definition Audio Driver(BENÖTIGT) Realtek Semiconductor Corp. 14.01.2011
Revo Uninstaller 1.89 VS (BENÖTIGT)Revo Group 14.01.2011 1.89
RTL Biathlon 2009(UNNÖTIG) 14.01.2011
RTL Winter Sports 2009(UNNÖTIG) 14.01.2011
Ski Alpin Racing 2007(UNNÖTIG) 14.01.2011
Steam (BENÖTIGT)Valve Corporation 14.08.2010 1,49MB 1.0.0.0
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten(UNNÖTIG) Hewlett-Packard Co. 26.11.2010 4,80MB 22.0.334.0
Studio 11(BENÖTIGT) Pinnacle Systems 15.11.2010 11.0
True Crime - Streets of LA(BENÖTIGT) Ihr Firmenname 21.04.2010 2.895MB 1.00.0000
ubi.com(BENÖTIGT) 14.01.2011
Uninstall 1.0.0.1(BENÖTIGT) 30.05.2010 10,5MB
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)(BENÖTIGT) Microsoft Corporation 13.09.2009 30,6MB 9.00.4035.00
WinAce Archiver(BENÖTIGT) e-merge GmbH 14.01.2011 2.69
Windows Live Essentials(BENÖTIGT(?)) Microsoft Corporation 14.01.2011 14.0.8089.0726
Windows Live ID-Anmelde-Assistent(BENÖTIGT(?)) Microsoft Corporation 27.05.2010 5,52MB 6.500.3146.0
Windows Live Sync(BENÖTIGT(?)) Microsoft Corporation 13.09.2009 2,79MB 14.0.8089.726
Windows Live-Uploadtool(BENÖTIGT) Microsoft Corporation 13.09.2009 0,22MB 14.0.8014.1029
Windows Media Player Firefox Plugin(BENÖTIGT) Microsoft Corp 12.04.2010 0,29MB 1.0.0.8
X10 Hardware(TM) 14.01.2011

markusg 16.01.2011 15:53
deinstaliere:
1914 - The Great War

Adobe Reader 9.4
ersetzen:
Adobe - Adobe Reader herunterladen - Alle Versionen

bitte den mcafee security scan nicht mit instalieren.
öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus.
so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden.
unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken.
unter update, auf instalieren stellen.
klicke übernehmen /ok

deinstaliere:
Apple beide.
ClearProg
CyberLink (beide)
Die drei Fragezeichen
DivX braucht man nicht unbedingt, kann alles weg.
eMule filesharing ist illegal und in der heutigen zeit gefährlich, trojaner etc gibts da sehr oft
ERUNT
Grand Prix
K-Lite Codec Pack verzichte auf codec packs und hohle dir nen richtigen player.
VideoLAN - VLC media player for Windows
ich denke der wird deine wünsche voll und ganz erfüllen...
deinstaliere weiter:
Luxus Liner Tycoon
Microsoft Silverlight
Microsoft SQL betreibst du nen server, falls nein, weg.
Pinnacle Instant DVD Recorder
Play Movie
QuickTime
RealPlayer nimm lieber dann den vlc.
Ski Alpin Racing
Studie zur Verbesserung von HP Deskjet
Windows Live Essentials brauchst du nicht unbedingt.
Windows Live kann eig auch alles weg.

bereinige dann dateien + registry.

RayParker 16.01.2011 18:22
War dann ja doch wieder ne Menge. Einiges hätte ich natürlich wissen können...wie 's so geht im Leben!;-)
Ich hoffe, das war's dann erst mal, herzlichen Dank nochmal!

markusg 16.01.2011 18:27
ich würde den pc mit dir noch absichern wollen, wenn du willst


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:28 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131