Pests of all kinds and how to combat them: Computer encryption trojan

10.06.2012, 16:23   #1
magicfortune



Dear Trojaner-Board team,

Two days ago I accidentally caught the virus named above.
I then read up via Google on the paysafecard and Ukash payment. In doing so I happened upon the paysafecard.com website, which also pointed out the GEMA or BKA trojans.
After that I searched for the trojan in question and ended up on your site.

First I tried the DE-Cleaner, but it did not detect anything.
After a good 1.15 h of run time it had found nothing.

Step 2 was the Kaspersky Rescue Disk 10: a good 3.5 h of waiting for nothing.
I had all systems checked.

So I decided on step 3. I started the PC in safe mode and then had it perform a system restore.
I went back about 1 week.
Then I started the PC normally and, lo and behold, no more message about the trojan and the demand for money.

Because of this I immediately upgraded my virus scanner and downloaded Malwarebytes.

Malwarebytes has now found 24 infected objects. What is the best thing to do with them?

I hope I have not overwhelmed you with the flood of information; if anything is still missing, please write.

Kind regards

magicfortune

After some browsing I found out how the malware works; I hope the pasting is done correctly.


Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.10.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Désirée :: DÉSIRÉE-PC [Administrator]

Schutz: Aktiviert

10.06.2012 16:57:36
mbam-log-2012-06-10 (16-57-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219478
Laufzeit: 9 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{04DFB628-514B-4E68-9076-DC1024F58A96} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04DFB628-514B-4E68-9076-DC1024F58A96} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04DFB628-514B-4E68-9076-DC1024F58A96} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PersSecurity (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\System\CurrentControlSet\Servises (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PersSecurity (Rogue.PersonalSecurity) -> Daten: C:\Program Files\PersSecurity\psecurity.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files\Common Files\PersSecurityUninstall (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\PersSecurity (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 15
C:\Users\Désirée\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Désirée\AppData\Local\Temp\jflxphyrdn.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Désirée\AppData\Local\Temp\pzyvjxfnql.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Désirée\AppData\Local\Temp\lsyvowzdna.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Désirée\AppData\Local\Temp\epbhyylaqn.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Désirée\AppData\Local\Temp\rfgimyrjpl.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Désirée\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PersSecurity.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Common Files\PersSecurityUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Computer Scan.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Help.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Personal Security.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Registration.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Security Center.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Settings.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Update.lnk (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



I hope you can make something of this jumble of data.

Kind regards
D. Montag

12.06.2012, 15:11   #2
cosinus

Please first, as a matter of routine, run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all of the Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

12.06.2012, 18:59   #3
magicfortune

So, here is the log

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b25778922a105448f80b9b4d3d1dcdb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-12 05:51:52
# local_time=2012-06-12 07:51:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 164632 164632 0 0
# compatibility_mode=5893 16776573 100 94 161 91148074 0 0
# compatibility_mode=8192 67108863 100 0 111 111 0 0
# scanned=204950
# found=12
# cleaned=0
# scan_time=6628
C:\Program Files\VistaCodecPack\Tools\renderer32.exe	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\VistaCodecPack\Tools\Settings32.exe	Win32/Packed.Autoit.C.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Webfetti\bar\2.bin\7dhtml.dll	probably a variant of Win32/Toolbar.MyWebSearch.F application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Webfetti\bar\2.bin\7dhtmlmu.dll	probably a variant of Win32/Toolbar.MyWebSearch.B application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Webfetti\bar\2.bin\7dPlugin.dll	a variant of Win32/Toolbar.MyWebSearch application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Webfetti\bar\2.bin\7dskin.dll	a variant of Win32/Toolbar.MyWebSearch.P application (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\VistaCodecs\{28B14EDE-7C6B-4A00-9E91-39680470E557}\Vista Codec Package.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\VistaCodecs\{28B14EDE-7C6B-4A00-9E91-39680470E557}\Vista Codec Package.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Désirée\AppData\Local\Temp\2012-08-1.zip	Win32/Trustezeb.C trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Désirée\AppData\Local\Temp\2012-08.zip	Win32/Trustezeb.C trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Désirée\AppData\Local\Temp\anLXPkke.exe.part	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Désirée\Documents\DVDVideoSoft\Webfetti.exe	a variant of Win32/Toolbar.MyWebSearch.Q application (unable to clean)	00000000000000000000000000000000	I
         

12.06.2012, 21:59   #4
cosinus

What about the Malwarebytes full scan?
__________________
Please always post log files in CODE tags

13.06.2012, 18:50   #5
magicfortune

See the 1st post, or should I format it again separately as a code tag???


13.06.2012, 21:04   #6
cosinus

Quote:
Art des Suchlaufs: Quick-Scan
Does that ring a bell now?

15.06.2012, 02:54   #7
magicfortune

Then here is the full scan

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Désirée :: DÉSIRÉE-PC [Administrator]

Schutz: Aktiviert

14.06.2012 21:18:00
mbam-log-2012-06-14 (21-18-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 412445
Laufzeit: 2 Stunde(n), 1 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Désirée\Documents\DVDVideoSoft\Webfetti.exe (PUP.FunWebProducts) -> Keine Aktion durchgeführt.

(Ende)
         
I hope that is right now.

15.06.2012, 12:01   #8
cosinus

I have two questions before we continue

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

16.06.2012, 18:16   #9
magicfortune

Well, I'm not missing anything.

The biggest problem is that I cannot get access to private files (pictures, music, etc.).

There are just some random letters there.

I hope the problem can be fixed.

Kind regards

magicfortune

17.06.2012, 21:06   #10
cosinus

For decryption/recovery please note the bold notice box above!

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick Scan All Users at the top centre
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

18.06.2012, 20:59   #11
magicfortune

Here is the OTL log

Code:
OTL logfile created on: 18.06.2012 20:33:47 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Désirée\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,73% Memory free
5,93 Gb Paging File | 4,23 Gb Available in Paging File | 71,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,90 Gb Total Space | 204,92 Gb Free Space | 71,18% Space Free | Partition Type: NTFS
 
Computer Name: DÉSIRÉE-PC | User Name: Désirée | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 20:31:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Désirée\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.10 21:35:20 | 000,227,184 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.08.09 00:11:06 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.02 19:42:38 | 000,036,864 | ---- | M] (Webfetti) -- C:\Programme\Webfetti\bar\2.bin\7dbarsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.12 09:01:00 | 000,201,216 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.09.14 07:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009.09.14 07:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.06.17 10:14:22 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Marketing Tools\MarketingTools.exe
PRC - [2009.05.20 15:11:40 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.13 22:16:31 | 000,180,224 | ---- | M] (ALPS) -- C:\Programme\Apoint\Apvfb.exe
PRC - [2009.04.13 22:16:30 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2009.04.13 22:16:29 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2009.04.13 22:16:28 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe
PRC - [2009.03.01 23:21:32 | 002,329,128 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.03.01 23:21:32 | 000,789,032 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.03.01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.01.21 10:07:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009.01.21 10:07:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.01.19 16:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009.01.19 12:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgr.exe
PRC - [2009.01.19 12:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.01.14 13:38:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.01.06 04:04:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008.12.21 23:30:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\LANUtil.exe
PRC - [2008.12.21 21:55:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\NSUService.exe
PRC - [2008.12.19 14:02:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMgr.exe
PRC - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMService.exe
PRC - [2008.12.18 12:18:58 | 000,874,344 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008.12.18 10:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Programme\sony\ISB Utility\ISBMgr.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008.08.20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.08.20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 21:15:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 21:15:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.14 14:43:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll
MOD - [2012.05.14 14:43:08 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012.05.14 14:43:06 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012.05.14 14:43:04 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012.05.14 14:43:02 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012.05.14 14:38:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 14:38:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 14:38:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 14:38:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.12.25 22:42:15 | 005,255,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.08.09 00:11:06 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011.04.21 13:50:21 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 04:00:15 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2010.11.05 03:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.07.30 22:10:20 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2010.01.01 18:39:41 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2010.01.01 18:39:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2006.12.10 22:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 22:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.14 21:17:13 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.06 10:51:27 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.10 21:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.04.02 19:42:38 | 000,036,864 | ---- | M] (Webfetti) [Auto | Running] -- C:\Programme\Webfetti\bar\2.bin\7dbarsvc.exe -- (WebfettiService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.28 08:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.09.14 07:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009.09.14 07:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.02.05 12:41:46 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.02.05 12:41:44 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.02.05 12:41:44 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.02.05 12:41:44 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.02.05 12:41:44 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.01.21 10:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.01.21 10:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.01.21 10:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.01.19 16:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.01.19 12:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.01.16 21:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009.01.14 13:38:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.01.08 00:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009.01.06 04:04:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008.12.21 21:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.08.20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.08.20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.03.31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.04.13 22:16:29 | 000,173,616 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.02.23 22:07:18 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.02.09 10:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2008.11.24 23:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.11.19 02:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008.10.23 02:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.10.23 02:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.04.24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.08.06 15:29:46 | 000,094,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camfilt2.sys -- (camfilt2)
DRV - [2007.07.17 18:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{EA6E82DD-9489-4B32-8E7B-5A97F7EF3395}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=6789FF94-1B5C-418F-AB67-D056611F19BA&apn_sauid=B0654D97-0C66-4B09-B061-B47EE50BE6D3
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=0-PzDPaY_dvVM8njmJBRCbTWtEk?q={searchTerms}
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms}
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/search.php?query={searchTerms}&lang=de&zip=&town=&site=&country=
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{EA6E82DD-9489-4B32-8E7B-5A97F7EF3395}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\Live Search: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-DE&FORM=MICGLV
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}:1.2.8
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: ffext@webwebweb:1.0.0.449
FF - prefs.js..extensions.enabledItems: 7dffxtbr@Webfetti.com:1.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16225&locale=en_US&apn_uid=6789FF94-1B5C-418F-AB67-D056611F19BA&apn_ptnrs=QQ&apn_sauid=B0654D97-0C66-4B09-B061-B47EE50BE6D3&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\Program Files\Startpage24\Plugin\Version_586\firefox\plugins\nplink64.dll (Link64 GmbH)
FF - HKLM\Software\MozillaPlugins\@Webfetti.com/Plugin: C:\Program Files\Webfetti\bar\2.bin\NP7dStub.dll (Webfetti)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7dffxtbr@Webfetti.com: C:\Program Files\Webfetti\bar\2.bin [2011.10.16 13:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffext@startpage24: C:\Program Files\Startpage24\Plugin\Version_586\firefox [2011.06.24 22:38:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.10 16:48:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 21:48:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.12 16:03:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.12.13 21:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Désirée\AppData\Roaming\mozilla\Extensions
[2010.12.13 21:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Désirée\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.18 20:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions
[2010.09.16 19:48:38 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.06.15 17:37:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 20:00:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.28 20:46:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.19 21:52:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.16 13:34:48 | 000,000,000 | ---D | M] (Webfetti) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\7dffxtbr@Webfetti.com
[2012.05.24 22:42:22 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\toolbar@ask.com
[2012.06.14 21:48:04 | 000,002,572 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\askcom.xml
[2012.06.10 16:55:55 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-1.xml
[2011.12.18 20:03:20 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-10.xml
[2012.01.02 21:24:32 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-11.xml
[2012.01.18 23:27:21 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-12.xml
[2012.02.18 21:29:21 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-13.xml
[2012.02.26 11:15:12 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-14.xml
[2012.02.26 11:22:54 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-15.xml
[2012.03.28 20:46:12 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-16.xml
[2012.05.06 10:51:49 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-17.xml
[2012.05.13 13:48:01 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-18.xml
[2012.06.08 21:04:19 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-19.xml
[2011.06.16 10:34:03 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-2.xml
[2011.08.02 15:23:19 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-3.xml
[2011.08.26 18:29:56 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-4.xml
[2011.09.11 19:14:01 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-5.xml
[2011.09.15 10:34:20 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-6.xml
[2011.10.01 16:04:14 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-7.xml
[2011.10.11 19:50:07 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-8.xml
[2011.11.09 21:37:04 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin.xml
[2009.08.10 21:13:36 | 000,001,836 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\live-search.xml
[2009.08.11 19:23:35 | 000,003,915 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\sweetim.xml
[2011.06.20 23:33:06 | 000,005,218 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\webwebweb.xml
[2009.08.30 16:24:26 | 000,001,201 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\winamp-search.xml
[2012.02.26 11:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.01 18:35:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- C:\USERS\DéSIRéE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJPZ37RW.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\USERS\DéSIRéE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJPZ37RW.DEFAULT\EXTENSIONS\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}.XPI
File not found (No name found) -- C:\USERS\DéSIRéE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJPZ37RW.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\DéSIRéE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJPZ37RW.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
File not found (No name found) -- C:\USERS\DéSIRéE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJPZ37RW.DEFAULT\EXTENSIONS\7DFFXTBR@WEBFETTI.COM
File not found (No name found) -- C:\USERS\DéSIRéE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJPZ37RW.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
File not found (No name found) -- C:\USERS\DéSIRéE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJPZ37RW.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2012.05.06 10:51:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.25 20:51:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.18 21:28:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 21:28:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 21:28:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 21:28:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 21:28:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 21:28:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (FastestTubeBHO Class) - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Programme\FastestTube\1.2.12\WombatBHO.dll (Kwizzu)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (WebWebWeb) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\Program Files\WebWebWeb\Plugin\Version_449\link64_plugin.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000..\Run: [Epson Stylus SX525WD(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000..\Run: [EPSON SX525WD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Désirée\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Désirée\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3BFA3BB-6C8A-4DC3-A8B1-92FEF5C0C637}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\webwebweb {879506D7-73DF-8D45-BBDD-123467926D12} - C:\Program Files\WebWebWeb\Plugin\Version_449\link64_plugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\go36f4~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Désirée\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Désirée\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4a250eb5-82ae-11de-87e0-002433d377d6}\Shell - "" = AutoRun
O33 - MountPoints2\{4a250eb5-82ae-11de-87e0-002433d377d6}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 20:31:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Désirée\Desktop\OTL.exe
[2012.06.14 21:48:07 | 000,000,000 | ---D | C] -- C:\Users\Désirée\AppData\Local\Macromedia
[2012.06.12 17:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.10 20:23:14 | 000,000,000 | ---D | C] -- C:\Users\Désirée\AppData\Roaming\Avira
[2012.06.10 20:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.10 20:17:42 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.06.10 20:17:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.06.10 20:17:41 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.06.10 20:17:41 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.06.10 20:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.10 20:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.10 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\Désirée\AppData\Roaming\Malwarebytes
[2012.06.10 16:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.10 16:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 16:56:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.10 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.08 19:00:30 | 000,000,000 | ---D | C] -- C:\Users\Désirée\AppData\Roaming\Rhiycqnu
[2012.03.08 20:50:16 | 008,862,099 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\Setup_MHRemake.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 20:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 20:45:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Updater.job
[2012.06.18 20:31:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Désirée\Desktop\OTL.exe
[2012.06.18 20:27:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 21:46:59 | 000,009,504 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 21:46:59 | 000,009,504 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 21:22:04 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 21:22:04 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 21:22:04 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 21:22:04 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.14 21:15:47 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.06.14 21:13:38 | 000,524,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.14 21:12:40 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 20:17:54 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.10 16:56:52 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.08 19:01:45 | 000,033,376 | ---- | M] () -- C:\Users\Désirée\Documents\oqlanAJgfGEygudsep
[2012.05.27 22:03:20 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.10 20:17:54 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.10 16:56:52 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2010.07.17 21:19:40 | 000,159,454 | ---- | C] () -- C:\Windows\Kaiser - das Erbe Uninstaller.exe
[2010.06.28 00:06:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\st50220.dll
[2010.06.27 23:58:47 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2010.06.27 23:58:23 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2010.06.27 23:58:23 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2010.06.27 23:58:23 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2011.01.01 13:02:47 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\.purple
[2010.04.24 21:40:48 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\1morebee
[2010.01.01 18:46:26 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\AD ON Multimedia
[2011.10.29 14:13:46 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Alawar Entertainment
[2010.02.11 19:09:05 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Anabel
[2010.03.01 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Ancient Quest of Saqqarah__intenium
[2010.02.10 15:36:19 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Artogon
[2011.06.13 19:18:40 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Awem
[2010.02.20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\BloodTies
[2010.08.14 14:04:44 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Brunhilda_intenium
[2010.02.05 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\casanova
[2010.01.01 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\DeepBurner
[2010.02.06 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Dekovir
[2010.04.25 11:51:49 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Divo Games
[2012.01.06 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\DivoGames
[2011.10.01 19:00:49 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\DVDVideoSoft
[2010.12.19 21:52:59 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.13 18:53:42 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\EleFun Games
[2010.03.26 19:58:12 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\ElementalsTheMagicKey
[2010.03.28 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\EnchantedCavern
[2010.02.24 23:05:41 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Enlightenus
[2011.08.13 12:16:26 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Epson
[2010.05.24 19:05:08 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\EscapeFromParadise2
[2010.07.17 18:03:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Flood Light Games
[2012.05.27 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Friday's games
[2010.04.28 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\GamersDigital
[2010.02.20 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Games
[2010.11.27 22:37:56 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Gogii
[2010.05.30 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Gogii Games
[2010.05.14 19:31:31 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\GraveyardShift
[2010.12.23 22:51:49 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\gtk-2.0
[2012.06.14 21:18:11 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\ICQ
[2010.09.17 10:02:21 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Image Zone Express
[2010.02.11 14:49:19 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\iMaxGen
[2010.02.15 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Inteniumv1002
[2010.07.17 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\InterTrust
[2010.01.01 18:46:28 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\IrfanView
[2010.08.08 21:12:38 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Lazy Turtle Games
[2010.02.15 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Legends of pirates
[2010.02.10 19:23:20 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Magic Academy
[2010.02.10 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Magic Academy 2
[2010.07.14 20:27:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Magic3
[2010.11.28 19:13:46 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\MagicIndie
[2011.11.22 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\margrave3_full
[2011.02.02 19:12:50 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Meridian93
[2011.06.13 12:38:01 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Merscom
[2010.02.17 23:12:05 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Mysteryville2
[2011.10.30 12:56:06 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Nevosoft Games
[2010.01.01 18:46:41 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\OpenOffice.org
[2010.02.25 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Pingus
[2010.03.07 13:43:34 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Playrix Entertainment
[2010.03.05 20:49:56 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\PoBros
[2010.02.07 13:41:31 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Princess Isabella
[2010.01.01 18:46:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Printer Info Cache
[2010.02.28 15:10:32 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Purple Patch Games
[2012.06.10 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Rhiycqnu
[2010.02.17 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\RobinsonCrusoe
[2012.04.19 17:37:48 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Sahmon Games
[2010.02.04 17:20:25 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\SecretIslandDeuBF
[2010.06.12 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Settlement. Colossus
[2011.07.27 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Silverback Productions
[2010.04.10 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\TheFixerUpper
[2010.12.13 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Thunderbird
[2010.03.09 22:36:18 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\TitanicMystery
[2010.02.06 20:03:25 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Total Eclipse
[2011.06.13 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\TripleHippo
[2011.08.03 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Uniblue
[2010.02.03 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\V-Games
[2010.04.11 17:25:11 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\VampireSaga
[2011.10.03 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\VampireSagaHL
[2010.12.25 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Vast Studios
[2010.01.01 18:46:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\VistaCodecs
[2011.02.02 18:22:03 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\WebWebWeb
[2010.09.19 12:54:25 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\World-Loom
[2010.01.27 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Wormux
[2010.09.26 17:08:36 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\XLMSoftGames
[2011.06.25 14:18:04 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\YoudaGames
[2012.06.14 21:15:47 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2009.07.14 06:53:46 | 000,023,812 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.18 20:45:00 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\Updater.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.01 13:02:47 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\.purple
[2010.04.24 21:40:48 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\1morebee
[2010.01.01 18:46:26 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\AD ON Multimedia
[2011.11.21 03:50:11 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Adobe
[2011.10.29 14:13:46 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Alawar Entertainment
[2010.02.11 19:09:05 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Anabel
[2010.03.01 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Ancient Quest of Saqqarah__intenium
[2010.11.28 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Apple Computer
[2010.01.01 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\ArcSoft
[2010.02.10 15:36:19 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Artogon
[2010.01.01 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\ATI
[2012.06.10 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Avira
[2011.06.13 19:18:40 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Awem
[2010.02.20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\BloodTies
[2010.08.14 14:04:44 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Brunhilda_intenium
[2010.02.05 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\casanova
[2010.01.01 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\DeepBurner
[2010.02.06 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Dekovir
[2010.04.25 11:51:49 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Divo Games
[2012.01.06 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\DivoGames
[2011.10.01 19:00:49 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\DVDVideoSoft
[2010.12.19 21:52:59 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.13 18:53:42 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\EleFun Games
[2010.03.26 19:58:12 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\ElementalsTheMagicKey
[2010.03.28 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\EnchantedCavern
[2010.02.24 23:05:41 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Enlightenus
[2011.08.13 12:16:26 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Epson
[2010.05.24 19:05:08 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\EscapeFromParadise2
[2010.07.17 18:03:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Flood Light Games
[2012.05.27 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Friday's games
[2010.04.28 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\GamersDigital
[2010.02.20 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Games
[2010.11.27 22:37:56 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Gogii
[2010.05.30 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Gogii Games
[2010.05.14 19:31:31 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\GraveyardShift
[2010.12.23 22:51:49 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\gtk-2.0
[2010.01.01 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\HP
[2011.02.15 18:25:26 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\HpUpdate
[2012.06.14 21:18:11 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\ICQ
[2012.03.31 16:56:46 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Identities
[2010.09.17 10:02:21 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Image Zone Express
[2010.02.11 14:49:19 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\iMaxGen
[2010.06.27 23:45:10 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\InstallShield
[2011.03.24 21:45:54 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Intel
[2010.02.15 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Inteniumv1002
[2010.07.17 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\InterTrust
[2010.01.01 18:46:28 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\IrfanView
[2010.08.08 21:12:38 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Lazy Turtle Games
[2010.02.15 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Legends of pirates
[2010.10.26 13:24:26 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Macromedia
[2010.02.10 19:23:20 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Magic Academy
[2010.02.10 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Magic Academy 2
[2010.07.14 20:27:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Magic3
[2010.11.28 19:13:46 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\MagicIndie
[2012.06.10 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Malwarebytes
[2011.11.22 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\margrave3_full
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Media Center Programs
[2011.02.02 19:12:50 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Meridian93
[2011.06.13 12:38:01 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Merscom
[2011.11.21 03:50:11 | 000,000,000 | --SD | M] -- C:\Users\Désirée\AppData\Roaming\Microsoft
[2010.01.01 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Mozilla
[2010.02.17 23:12:05 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Mysteryville2
[2011.10.30 12:56:06 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Nevosoft Games
[2010.01.01 18:46:41 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\OpenOffice.org
[2010.02.25 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Pingus
[2010.03.07 13:43:34 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Playrix Entertainment
[2010.03.05 20:49:56 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\PoBros
[2010.02.07 13:41:31 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Princess Isabella
[2010.01.01 18:46:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Printer Info Cache
[2010.02.28 15:10:32 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Purple Patch Games
[2012.06.10 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Rhiycqnu
[2010.02.17 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\RobinsonCrusoe
[2010.01.01 18:46:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Roxio
[2012.04.19 17:37:48 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Sahmon Games
[2010.02.04 17:20:25 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\SecretIslandDeuBF
[2010.06.12 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Settlement. Colossus
[2011.07.27 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Silverback Productions
[2010.01.01 18:46:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Sony Corporation
[2010.04.10 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\TheFixerUpper
[2010.12.13 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Thunderbird
[2010.03.09 22:36:18 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\TitanicMystery
[2010.02.06 20:03:25 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Total Eclipse
[2011.06.13 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\TripleHippo
[2011.08.03 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Uniblue
[2010.02.03 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\V-Games
[2010.04.11 17:25:11 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\VampireSaga
[2011.10.03 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\VampireSagaHL
[2010.12.25 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Vast Studios
[2010.01.01 18:46:43 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\VistaCodecs
[2011.02.02 18:22:03 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\WebWebWeb
[2012.04.20 21:00:04 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Winamp
[2010.09.19 12:54:25 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\World-Loom
[2010.01.27 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\Wormux
[2010.09.26 17:08:36 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\XLMSoftGames
[2011.06.25 14:18:04 | 000,000,000 | ---D | M] -- C:\Users\Désirée\AppData\Roaming\YoudaGames
 
< %APPDATA%\*.exe /s >
[2011.02.08 20:09:39 | 000,010,134 | R--- | M] () -- C:\Users\Désirée\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2012.04.29 19:28:16 | 003,943,592 | ---- | M] (Ask) -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_2d2ec4fd9937ddb4\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_950dad68cf8acc20\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Files - Unicode (All) ==========
[2010.05.23 17:04:37 | 000,000,000 | ---D | M](C:\Users\D?sir?e\AppData\Roaming\Silverback Productions) -- C:\Users\D�sir�e\AppData\Roaming\Silverback Productions
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6425A235
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:270A3983
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7FCB9D0D

< End of report >
         
Is the OTL personalized or generally valid??

Best regards
magicfortune

In addition, another txt window opened, with Extra

Code:
OTL Extras logfile created on: 18.06.2012 20:33:47 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Désirée\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,73% Memory free
5,93 Gb Paging File | 4,23 Gb Available in Paging File | 71,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,90 Gb Total Space | 204,92 Gb Free Space | 71,18% Space Free | Partition Type: NTFS
 
Computer Name: DÉSIRÉE-PC | User Name: Désirée | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 
"FirewallDisableNotify" = 
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A856A96-0E60-4FF6-887D-22DC0461EFB1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C78DD65-B0AD-42B7-B590-15CF0212BAD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{241281B4-B2F1-4D41-90B6-32ACB1F69CFF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{299F60D4-9F34-4AAB-83FD-91B2F998279A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3AB1C18D-ED1C-4822-9E7A-832AA9D7C092}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{474DE441-0A05-4B5C-9220-C9A193C630D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{51CD27CE-2C39-4C1D-94D3-3C1DA7998738}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7962C641-E45E-407F-8AB1-3DE86620C803}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A5B53AC2-4C69-4F47-97E7-BF0522A759DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EBEE25F0-FAB7-47DE-8D25-22974A95CBC9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F271E040-887A-47C2-A592-5A8291CA86BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6F1751A-A79F-4F79-930E-685ED93F82C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114F3F74-B256-4787-97BC-33827AD07C96}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"{115EBC29-15F3-4CF6-9550-5DA94AB0CB28}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{1867819E-4D61-47F8-8825-9509B9F442EF}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{2A6AAC85-7912-42FD-B6B5-45F3FC3DDE03}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{3C29F58C-BFF1-4427-A241-4CB262E1D303}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{4445923A-51C9-4B99-8C81-B7D23094FC43}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{4F4AA147-B235-4931-B079-E177F943A1D6}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{5BA90539-4F92-445C-BAB9-C0801AC145B0}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{63BC782B-C125-4093-A414-40CFF5C3B216}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{74ADD526-B956-45C1-858C-E3DC5ECE2CFC}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"{7D35A6F3-97D3-4351-A45E-D6598F33B205}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{7E8F8FE6-7156-44BF-86BE-A1C383625CD0}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{7E958B4C-9F80-48E7-9D3A-39ABE32A05DF}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{AAB11701-0E4C-4C76-952C-8B8BDA4EB2A7}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{AAF98277-BE3F-44BB-9D3C-8D6F80257043}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{ACE93134-483C-4EE4-9FC5-D12966439BF3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{ACEBA1BD-2559-454F-92C6-F270A595697D}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{E0A14A05-9F7C-40F4-9675-A1558DFD3725}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{F62FFA5D-A169-4DC2-90C5-A1BAA8A1069F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{207A4643-581A-4694-974B-B9FC1E750F1A}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"TCP Query User{22ED64D2-09D3-443A-8A51-82F2789A39B2}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{2D2273A4-92CB-4C65-A98E-8E9F2A4721F9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{514C700C-BF01-4EC2-98B7-19AAF645B7C0}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"TCP Query User{6AD76A7A-B702-4E69-9378-760B8D72A423}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | 
"TCP Query User{7D6B50BB-9502-40DA-8ABA-5EC8B2907E31}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{7E4247D9-C96B-4B94-AF25-4D228F28BD6E}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"TCP Query User{9B52853B-82A0-47D1-978B-5655DE7EF442}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{A22EC8F5-7010-4FDA-91C8-561B62BDE518}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{B8FA938C-0F4F-4370-B170-A24B3C7DCBDF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{BF0792BC-80AC-44D6-934E-308321740632}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{BFEB01EB-5738-452B-A3B2-217F78D37644}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"TCP Query User{CD858252-F0F4-4E31-8E27-50099B21D38F}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{E2CB4EA1-C690-47F8-BBF0-F7C83C0CFF76}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{EDF4C77E-97C0-4303-A378-EBE8906F01F0}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{07D303A8-43D9-454A-8F2B-B3B7C40292A4}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"UDP Query User{2243B06C-8CA2-4BAC-9164-5700253D3DD1}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{296A90CC-8063-4861-A285-6A2434155589}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3F79BD21-BE4F-4B8B-90B6-4DA58FD6F11F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{4A187488-D37F-464C-B710-A5C19F17D420}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{56166790-0F64-40B4-9205-B53F2F0C3F45}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{570BF5E4-73B5-465F-BCCB-F61D64674457}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{5E0FDF54-CEAD-419F-B46E-BC5B7407C784}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{71C4D9FA-12D3-4FE3-82FB-7A1DAA138291}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{887CB083-7C1B-4A3D-AAF1-474D830EF529}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{9C37C768-393A-4F7F-BD9E-B5996A80B336}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{BA975B7F-1ED4-40C4-8DDA-FEA8E9176CB3}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"UDP Query User{D6D73627-2FB8-4919-BC3A-BF397A474FBD}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{F086935D-13BC-4BEC-8C11-1665CFF080B3}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | 
"UDP Query User{F8D58265-8FAE-41AB-9672-588D22338997}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0534F8BF-EBFD-004B-5DED-1010CBF353B8}" = CCC Help Dutch
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0A1B60E0-F250-BD91-79C9-C29B9C05A5AA}" = Catalyst Control Center InstallProxy
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{13C5C85D-3CD9-DF9C-77A9-8173781CD170}" = CCC Help Spanish
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{16BAB4DD-34F6-EBC5-F40B-72146464CDE0}" = Catalyst Control Center Core Implementation
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{190CD8ED-D83B-EB89-9BE9-8CC04569A4CB}" = CCC Help Thai
"{19B683DF-B562-4C0B-8AAA-2A92409D190A}" = Sony Home Network Library
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{24504135-0D50-4842-A3AE-CC44CFA4FF74}_is1" = Dr. Watson - Katakomben
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26C05EE9-C5C7-F22C-A298-B97926F36E3E}" = CCC Help Turkish
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{2B5DDB2D-053E-F1C8-3234-DAE9FCF4B318}" = CCC Help Finnish
"{2EF15529-A351-FDFA-C393-491483B04784}" = CCC Help Italian
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43112A37-7CDD-745A-6EB4-9A9BA982DB2A}" = CCC Help English
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{486CC64F-030A-4C9A-8716-87E26D28FKQ1}_is1" = King's Quest I: Quest for the Crown (4.1c)
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCB123A-6DD2-8436-2FBA-0244ADF65F42}" = CCC Help Russian
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi-Software
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52D93C83-FDEA-D1B2-5185-D1271DC15C6C}" = Catalyst Control Center Localization All
"{52E51086-747D-AEB9-B440-14B84CC247E0}" = Catalyst Control Center Graphics Light
"{54CC8FFD-0F64-07B4-EFC1-40C0449F4B85}" = ccc-utility
"{568D1DC1-4038-BF79-E58D-81311FD41F91}" = CCC Help Greek
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77217D44-363B-9BF6-04F8-FE432D9AFE35}" = CCC Help Czech
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C3228AC-BDE5-448E-8C01-E39BB0782DE8}" = Motorola Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Hercules Classic Silver
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88E1A4BD-995D-EB00-26E5-9BEFA9E213A6}" = CCC Help Polish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A120CC0-95C6-DEEF-F60B-8B0866660920}" = CCC Help Hungarian
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90124382-85E3-DE67-F0F7-4C37B7040BF4}" = CCC Help Chinese Standard
"{914B46A6-7C4B-3AA2-DFF7-E39EB5F7141E}" = Skins
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{948FD689-B34E-5A26-F926-111A1A74A43D}" = CCC Help Japanese
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99A9CE2D-DFB1-3277-D1C7-5C34C21179EF}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A44DC8C-13C7-6ADE-3516-C1FEDC0267F8}" = CCC Help Swedish
"{9A4FBD51-811D-33E9-116B-D26C662B588C}" = CCC Help Norwegian
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A17E786D-ACC6-8D11-8B25-D83AB85B6534}" = CCC Help German
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0A8D303-1077-43FF-B8E0-E69E0516BEAA}" = Power-Druckstudio
"{B12F3362-A328-9499-949A-A95C6EF21CB6}" = Catalyst Control Center Graphics Previews Vista
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C144CB60-EE5D-B625-C672-176AC5B488D2}" = ATI Catalyst Install Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C4567E61-7997-5F6A-0A4B-F667328D3ED3}" = Catalyst Control Center Graphics Previews Common
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD77F1C7-9A53-0883-F660-2FE859B47BAA}" = Catalyst Control Center Graphics Full Existing
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E3E86D88-6370-73DA-29F9-D09D43337688}" = CCC Help Korean
"{E412146D-4D11-3363-804E-096D51988B69}" = CCC Help Portuguese
"{E6FE96CE-99C3-42DE-AD9B-E0A63BD7805D}_is1" = FastestTube-1.2.8.7
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{E9F6CD2A-CF41-6442-CB8A-34665511BFC8}" = CCC Help Chinese Traditional
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBF8380D-8B72-6938-923A-5891703BCB4E}" = CCC Help Danish
"{ED0CFA85-9E9F-67B4-89C4-A07C42D51FB3}" = Catalyst Control Center Graphics Full New
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEFE8A83-8D7E-21AF-F1C6-D617DC6D5455}" = CCC Help French
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aerie: Seele des Waldes" = Aerie: Seele des Waldes
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Age Of Oracles: Tara’s Journey" = Age Of Oracles: Tara’s Journey
"Alamandi" = Alamandi
"Alice im Wunderland" = Alice im Wunderland
"Annabel" = Annabel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Brunhilda" = Brunhilda
"Dark Strokes: Die Sünden der Väter" = Dark Strokes: Die Sünden der Väter
"Das Reich des Drachen" = Das Reich des Drachen
"Das Verlorene Königreich: Die Prophezeiung" = Das Verlorene Königreich: Die Prophezeiung
"Das Vermächtnis des Einhorns" = Das Vermächtnis des Einhorns
"Deadtime Stories" = Deadtime Stories
"Der Blutschwur" = Der Blutschwur
"Die Sage von Kolossus" = Die Sage von Kolossus
"Die Wiege Olympias 2" = Die Wiege Olympias 2
"Die Wiege Roms 2" = Die Wiege Roms 2
"Dr. Lynch: Grave Secrets" = Dr. Lynch: Grave Secrets
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"dt icon module" = 
"Echos des Kummers" = Echos des Kummers
"Empress of the Deep" = Empress of the Deep
"Empress of the Deep 2 Sammleredition" = Empress of the Deep 2 Sammleredition
"EPSON Scanner" = EPSON Scan
"EPSON SX525WD Series" = EPSON SX525WD Series Printer Uninstall
"EPSON SX525WD Series Manual" = EPSON SX525WD Series Handbuch
"EPSON SX525WD Series Network Guide" = EPSON SX525WD Series Netzwerk-Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"Eternity" = Eternity
"Farm Craft" = Farm Craft
"FastestTube" = FastestTube
"Fiona Finch" = Fiona Finch
"Fluch der Pharaonen" = Fluch der Pharaonen
"Flucht aus dem Paradies" = Flucht aus dem Paradies
"Flucht aus dem Paradies 2" = Flucht aus dem Paradies 2
"Free Image Convert and Resize_is1" = Free Image Convert and Resize version 2.1.13.920
"Free Studio_is1" = Free Studio version 4.2
"Free Video to Motorola Phones Converter_is1" = Free Video to Motorola Phones Converter version 2.3.1.727
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download version 2.10.29
"Garten-Glück" = Garten-Glück
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"IrfanView" = IrfanView (remove only)
"Jack of all Tribes" = Jack of all Tribes
"Kaiser - das Erbe" = Kaiser - das Erbe
"Mad Robots_is1" = Mad Robots 3000
"Magic Encyclopedia: Illusionen" = Magic Encyclopedia: Illusionen
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Margrave: Der Fluch des gebrochenen Herzens" = Margrave: Der Fluch des gebrochenen Herzens
"MarketingTools" = VAIO Marketing Tools
"Masquerade Mysteries" = Masquerade Mysteries
"Mein Gartenparadies" = Mein Gartenparadies
"Mein Gartenparadies: Frühlingserwachen" = Mein Gartenparadies: Frühlingserwachen
"Meine kleine Farm" = Meine kleine Farm
"Meine kleine Farm 3: Russisches Roulette" = Meine kleine Farm 3: Russisches Roulette
"MFU Module" = 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Midnight Mysteries" = Midnight Mysteries
"Midnight Mysteries: Salem Witch Trials" = Midnight Mysteries: Salem Witch Trials
"Miriel" = Miriel
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mr. Jones Grabgeflüster" = Mr. Jones Grabgeflüster
"Nightfall Mysteries: Der Fluch der Oper" = Nightfall Mysteries: Der Fluch der Oper
"Nightfall Mysteries: Die Ashburg-Verschwörung" = Nightfall Mysteries: Die Ashburg-Verschwörung
"Pidgin" = Pidgin
"Pingus" = Pingus
"Pioneer Lands" = Pioneer Lands
"Pixillion" = Pixillion Imagedatei-Konverter
"PokerStars.net" = PokerStars.net
"ProInst" = Intel PROSet Wireless
"Robbox_is1" = Robbox
"Robin’s Quest: Aufstieg einer Legende" = Robin’s Quest: Aufstieg einer Legende
"Robinson Crusoe und der Piratenfluch" = Robinson Crusoe und der Piratenfluch
"Sacra Terra: Nacht der Engel" = Sacra Terra: Nacht der Engel
"Sarah’s Ranch" = Sarah’s Ranch
"Spirit of Wandering" = Spirit of Wandering
"Startpage24" = Startpage24
"SuperTux_is1" = SuperTux 0.1.3
"SYBEX-Verlag GmbH - Zitate" = SYBEX-Verlag GmbH - Zitate
"Tarot des Schicksals" = Tarot des Schicksals
"The Enchanted Kingdom: Elisa’s Adventure" = The Enchanted Kingdom: Elisa’s Adventure
"The Island: Castaway" = The Island: Castaway
"The Island: Castaway 2" = The Island: Castaway 2
"Twisted Lands: Die Schattenstadt" = Twisted Lands: Die Schattenstadt
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"Vampireville" = Vampireville
"Vampirsaga: Willkommen in Hell Lock" = Vampirsaga: Willkommen in Hell Lock
"wdfs2008_is1" = WISSEN DIGITAL 3D Führerschein Trainer 2009
"Webfettibar Uninstall" = Webfetti
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wormux" = Wormux
"Youda Fairy" = Youda Fairy
"Youda Survivor" = Youda Survivor
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2012 15:23:59 | Computer Name = Désirée-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.02.2012 15:24:08 | Computer Name = Désirée-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 26.02.2012 05:44:05 | Computer Name = Désirée-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2012 05:44:11 | Computer Name = Désirée-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 26.02.2012 08:33:04 | Computer Name = Désirée-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VcmIAlzMgr.exe, Version: 3.4.0.13190,
 Zeitstempel: 0x4973f725  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0152ec21  ID des fehlerhaften
 Prozesses: 0xbd0  Startzeit der fehlerhaften Anwendung: 0x01ccf46b290289a9  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0701916f-6076-11e1-9480-002433d377d6
 
Error - 09.03.2012 13:06:19 | Computer Name = Désirée-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 154    Startzeit: 
01ccf483142f48ea    Endzeit: 170    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 2810c737-6a0a-11e1-9480-002433d377d6  
 
Error - 14.03.2012 15:26:37 | Computer Name = Désirée-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.03.2012 12:21:22 | Computer Name = Désirée-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2012 12:21:30 | Computer Name = Désirée-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 31.03.2012 03:01:43 | Computer Name = Désirée-PC | Source = Application Hang | ID = 1002
Description = Programm VAIOUpdt.exe, Version 4.1.0.12040 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 120c    Startzeit:
 01cd02c7b6c74719    Endzeit: 61    Anwendungspfad: C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

Berichts-ID:
 4c03a961-7aff-11e1-9526-002433d377d6  
 
Error - 12.04.2012 15:43:00 | Computer Name = Désirée-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.04.2012 15:43:09 | Computer Name = Désirée-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
[ Media Center Events ]
Error - 17.01.2010 07:21:43 | Computer Name = Désirée-PC | Source = MCUpdate | ID = 0
Description = 12:21:42 - Fehler beim Herstellen der Internetverbindung.  12:21:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 14.06.2012 14:41:29 | Computer Name = Désirée-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 14.06.2012 15:13:29 | Computer Name = Désirée-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 14.06.2012 15:13:29 | Computer Name = Désirée-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 14.06.2012 21:49:38 | Computer Name = Désirée-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.06.2012 21:49:36 | Computer Name = Désirée-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 15.06.2012 15:56:06 | Computer Name = Désirée-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.06.2012 13:10:53 | Computer Name = Désirée-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.06.2012 09:33:07 | Computer Name = Désirée-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.06.2012 14:27:56 | Computer Name = Désirée-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 18.06.2012 14:27:57 | Computer Name = Désirée-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         

18.06.2012, 21:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Is the OTL personalized or generally valid??
Is this question meant seriously? What do you understand by generally valid or personalized?
Just in case this is what you mean: every computer has a different OTL log!
If every system always spat out the same log, there would not be much point in having everyone create the log, because what it contains would be predictable anyway - or have I completely misunderstood you?
__________________
Please always post log files in CODE tags

19.06.2012, 18:10   #13
magicfortune

That is what I meant.

I just wanted to understand a little of what you are doing there. I don't know my way around viruses etc. all that well. :P

Best regards
magicfortunge

19.06.2012, 23:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, it really goes without saying. If every OTL log were identical on every computer, we would hardly need to go to the trouble of creating such a log anew on every computer; the log would be fixed from the outset!


Run an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=6789FF94-1B5C-418F-AB67-D056611F19BA&apn_sauid=B0654D97-0C66-4B09-B061-B47EE50BE6D3
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=0-PzDPaY_dvVM8njmJBRCbTWtEk?q={searchTerms}
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={SearchTerms}
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = http://search.webwebweb.com/search.php?query={searchTerms}&lang=de&zip=&town=&site=&country=
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\SearchScopes\Live Search: "URL" = http://search.live.com/results.aspx?q={searchTerms}&mkt=de-DE&FORM=MICGLV
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: ffext@webwebweb:1.0.0.449
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16225&locale=en_US&apn_uid=6789FF94-1B5C-418F-AB67-D056611F19BA&apn_ptnrs=QQ&apn_sauid=B0654D97-0C66-4B09-B061-B47EE50BE6D3&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2010.09.16 19:48:38 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.06.15 17:37:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 20:00:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.28 20:46:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.19 21:52:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.16 13:34:48 | 000,000,000 | ---D | M] (Webfetti) -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\7dffxtbr@Webfetti.com
[2012.05.24 22:42:22 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Désirée\AppData\Roaming\mozilla\Firefox\Profiles\gjpz37rw.default\extensions\toolbar@ask.com
[2012.06.14 21:48:04 | 000,002,572 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\askcom.xml
[2012.06.10 16:55:55 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-1.xml
[2011.12.18 20:03:20 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-10.xml
[2012.01.02 21:24:32 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-11.xml
[2012.01.18 23:27:21 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-12.xml
[2012.02.18 21:29:21 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-13.xml
[2012.02.26 11:15:12 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-14.xml
[2012.02.26 11:22:54 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-15.xml
[2012.03.28 20:46:12 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-16.xml
[2012.05.06 10:51:49 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-17.xml
[2012.05.13 13:48:01 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-18.xml
[2012.06.08 21:04:19 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-19.xml
[2011.06.16 10:34:03 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-2.xml
[2011.08.02 15:23:19 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-3.xml
[2011.08.26 18:29:56 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-4.xml
[2011.09.11 19:14:01 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-5.xml
[2011.09.15 10:34:20 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-6.xml
[2011.10.01 16:04:14 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-7.xml
[2011.10.11 19:50:07 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-8.xml
[2011.11.09 21:37:04 | 000,000,950 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\icqplugin.xml
[2009.08.11 19:23:35 | 000,003,915 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\sweetim.xml
[2011.06.20 23:33:06 | 000,005,218 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\webwebweb.xml
[2009.08.30 16:24:26 | 000,001,201 | ---- | M] () -- C:\Users\Désirée\AppData\Roaming\Mozilla\Firefox\Profiles\gjpz37rw.default\searchplugins\winamp-search.xml
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WebWebWeb) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\Program Files\WebWebWeb\Plugin\Version_449\link64_plugin.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2186960431-4147355705-1044024285-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4a250eb5-82ae-11de-87e0-002433d377d6}\Shell - "" = AutoRun
O33 - MountPoints2\{4a250eb5-82ae-11de-87e0-002433d377d6}\Shell\AutoRun\command - "" = G:\autorun.exe
[2012.06.08 19:00:30 | 000,000,000 | ---D | C] -- C:\Users\Désirée\AppData\Roaming\Rhiycqnu
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6425A235
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:270A3983
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7FCB9D0D
:Files
C:\Programme\ICQ6Toolbar
C:\Programme\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open once you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post logfiles in CODE tags

21.06.2012, 19:11   #15
magicfortune

I followed your instructions.

But it keeps crashing shortly after I press Fix.


A Problem has been detected and windows has been shut down to previos to your computer.
A process or thread crucial to system has unexpedtly end terminated.
This is the first time you´ve seen the stop error screen, Start your computer if you see this errer again.


Did I do something wrong???
