Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: delta search deinstalliert - trotzdem noch infiziert?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.02.2013, 01:46   #1
Momorla
 
delta search deinstalliert - trotzdem noch infiziert? - Rotes Gesicht

delta search deinstalliert - trotzdem noch infiziert?



Habe beim download von einer schafkopf-freeware den delta search toolbar installiert. WOT hat mehrfach gehindert die deltasearch seite zu öffnen und mein trial von mcaffee war abgelaufen (neues laptop). jetzt hab ich den delta search toolbar deinstalliert und antivir (free version) installiert - die hat nichts gefunden. bin ich jetzt save? muss ich mein system neu aufsetzen? Vielen dank, für Eure Hilfe!!!

Alt 18.02.2013, 03:38   #2
t'john
/// Helfer-Team
 
delta search deinstalliert - trotzdem noch infiziert? - Standard

delta search deinstalliert - trotzdem noch infiziert?





Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



danach:


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 18.02.2013, 20:06   #3
Momorla
 
delta search deinstalliert - trotzdem noch infiziert? - Standard

delta search deinstalliert - trotzdem noch infiziert?



AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 18/02/2013 um 20:04:15 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Momo - MOMO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Momo\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Partner Service

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1qunohs6.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Momo\Desktop\Check for Updates.lnk
Datei Gelöscht : C:\Users\Momo\Desktop\Startfenster.lnk
Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Momo\AppData\Local\APN
Ordner Gelöscht : C:\Users\Momo\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\5c55d88cb06eee44
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5c55d88cb06eee44
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=7c6e4b250000000000009c4e3673b48d --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1qunohs6.default\prefs.js

C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1qunohs6.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntr[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4238 octets] - [18/02/2013 20:04:15]

########## EOF - C:\AdwCleaner[S1].txt - [4298 octets] ##########
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.02.2013 20:10:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Momo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 72,44% Memory free
16,30 Gb Paging File | 13,89 Gb Available in Paging File | 85,22% Paging File free
Paging file location(s): c:\pagefile.sys 500 500d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917,19 Gb Total Space | 783,06 Gb Free Space | 85,38% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 12,56 Gb Free Space | 51,43% Space Free | Partition Type: NTFS
 
Computer Name: MOMO-PC | User Name: Momo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Momo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Momo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\LockKey\LockKey.exe ( )
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe ()
MOD - C:\Windows\SysWOW64\vmprp332.ax ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NSDSvc) -- C:\Windows\SysNative\NSDSvc.exe (Lenovo)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NitroReaderDriverReadSpool3) -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (MacDrive9Service) -- C:\Programme\Mediafour\MacDrive 9\MacDrive9Service.exe (Mediafour Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (CLKMSVC10_3A60B698) -- C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MDFSYSNT) -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV:64bit: - (MDPMGRNT) -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (hswpan) -- C:\Windows\SysNative\drivers\hswpan.sys (Ozmo Inc)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (NSD) -- C:\Windows\SysNative\drivers\nsd.sys (Lenovo Corporation")
DRV:64bit: - (Nsdfltr) -- C:\Windows\SysNative\drivers\Nsdfltr.sys (Lenovo Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (CBDisk) -- C:\Windows\SysNative\drivers\CBDisk.sys (EldoS Corporation)
DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (HybridDisk) -- C:\Windows\SysNative\drivers\HybridDiskX64.sys (Lenovo.)
DRV:64bit: - (hybridcfile) -- C:\Windows\SysNative\drivers\HybridCFileX64.sys (Lenovo.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7KMOH
IE - HKU\S-1-5-21-4214735177-3956325808-2902130860-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 20:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.11 01:02:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 20:07:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.05 14:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Momo\AppData\Roaming\Mozilla\Extensions
[2013.02.17 14:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1qunohs6.default\extensions
[2013.02.03 21:16:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1qunohs6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.15 02:33:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1qunohs6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.22 19:17:36 | 000,002,289 | ---- | M] () -- C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1qunohs6.default\searchplugins\ecosia.xml
[2013.02.10 20:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.10 20:07:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=7c6e4b250000000000009c4e3673b48d
CHR - Extension: No name found = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: No name found = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121011204219.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130105214142.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 9 application] C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Programme\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe ( )
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4214735177-3956325808-2902130860-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-4214735177-3956325808-2902130860-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4214735177-3956325808-2902130860-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Momo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4214735177-3956325808-2902130860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B9810C-BA0A-47C5-8836-9552E58AB9D2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2013.02.18 20:03:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Momo\Desktop\OTL.exe
[2013.02.18 01:35:56 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Avira
[2013.02.18 01:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.18 01:28:49 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.18 01:28:49 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.18 01:28:49 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.18 01:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.18 01:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.14 09:03:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 09:03:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 09:03:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 09:03:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 09:03:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 09:03:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 09:03:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 09:03:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 09:03:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 09:03:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 09:03:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 09:03:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 09:03:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 09:03:24 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 09:03:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 01:57:51 | 000,000,000 | ---D | C] -- C:\Users\Momo\Documents\Daten für NetSchafkopf
[2013.02.13 01:41:47 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 01:41:46 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 01:41:46 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 01:41:36 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 01:41:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 01:41:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 01:41:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 01:41:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 01:41:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 01:41:29 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 22:12:00 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\ratDVD
[2013.02.11 22:12:00 | 000,000,000 | ---D | C] -- C:\Users\Momo\Local Settings
[2013.02.11 13:33:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.02.11 13:33:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.02.11 13:31:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.02.11 13:31:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.02.11 13:31:54 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.02.11 13:31:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.02.11 13:31:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.02.11 13:31:54 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.02.11 13:31:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.02.11 13:31:54 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.02.11 13:31:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.02.11 13:31:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.02.11 13:31:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.02.11 13:31:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.02.11 13:31:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.02.11 13:31:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.02.11 13:31:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.02.11 13:31:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.02.11 13:31:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.02.11 13:31:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.02.11 13:31:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.02.11 13:31:53 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.02.11 13:31:53 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.02.11 13:31:53 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.02.11 13:31:53 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.02.11 13:31:53 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.02.11 13:31:53 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.02.11 13:29:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.02.11 13:29:25 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.02.11 13:29:25 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.02.11 13:29:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.02.11 13:17:43 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.02.11 13:17:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.02.11 13:17:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.02.11 13:17:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.02.11 13:17:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.02.11 13:17:42 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.02.11 13:17:42 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.02.11 13:17:42 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.02.11 13:17:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.02.11 13:17:42 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.02.11 13:17:42 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.02.11 13:17:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.02.11 13:17:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.02.11 13:17:42 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.02.11 13:17:42 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.02.11 13:17:42 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.02.11 13:17:42 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.02.11 13:17:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.02.11 13:17:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.02.11 13:17:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.02.11 13:17:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.02.11 13:17:42 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.02.11 13:17:42 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.02.11 13:17:41 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.02.11 13:17:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.02.11 13:17:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.02.11 13:17:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.02.11 13:17:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.02.11 13:17:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.02.11 13:17:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.02.11 13:17:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.02.11 13:17:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.02.11 13:17:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.11 13:17:21 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.11 13:17:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.11 13:17:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.11 13:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.11 13:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.11 13:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.11 13:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.11 13:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.11 13:17:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.11 13:17:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.11 13:17:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.11 13:17:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.11 13:17:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.11 13:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.11 13:17:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.11 13:17:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.11 13:17:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.11 13:17:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.11 13:17:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.11 13:17:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.11 13:17:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.11 13:17:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.11 13:17:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.11 13:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.11 13:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.11 13:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.11 13:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.11 13:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.11 13:17:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.11 13:17:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.11 13:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.11 13:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.11 13:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.11 13:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.11 13:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.11 13:17:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.11 13:17:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.11 13:17:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.11 13:17:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.11 13:17:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.11 13:16:57 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.02.11 13:16:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.02.11 13:16:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.02.11 13:16:54 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.11 13:16:54 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.11 13:16:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.02.11 13:16:53 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.02.11 13:16:45 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.02.11 13:16:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.02.11 13:16:40 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.02.11 13:16:40 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.02.11 13:16:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.02.11 13:16:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.02.11 13:16:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.02.11 13:16:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.02.11 13:16:31 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.02.11 13:16:28 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.02.11 13:16:27 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.11 13:16:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013.02.11 13:16:16 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.02.11 13:16:03 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013.02.11 13:12:20 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.11 13:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.11 13:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.11 01:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.02.10 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Thunderbird
[2013.02.10 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Thunderbird
[2013.02.10 22:23:03 | 019,660,176 | ---- | C] (Mozilla) -- C:\Users\Momo\Thunderbird Setup 17.0.2.exe
[2013.02.10 21:25:11 | 000,070,344 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\CBDisk.sys
[2013.02.10 21:25:05 | 000,041,680 | ---- | C] (Mediafour Corporation) -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS
[2013.02.10 21:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediafour
[2013.02.10 21:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mediafour
[2013.02.10 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2013.02.10 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2013.02.10 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Mediafour
[2013.02.10 21:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacDrive*9 Standard
[2013.02.10 21:24:18 | 013,341,408 | ---- | C] (Mediafour Corporation, info@mediafour.com) -- C:\Users\Momo\MacDrive Standard 9.0.5.14 (en) Setup.exe
[2013.02.10 20:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.28 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Nitro PDF
[2013.01.28 17:38:26 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Nitro
[2013.01.28 17:38:26 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\FileOpen
[2013.01.28 17:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013.01.28 17:38:04 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013.01.28 17:38:04 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013.01.28 17:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013.01.28 17:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013.01.28 17:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013.01.28 17:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013.01.28 17:36:01 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\OpenOffice.org
[2013.01.28 17:33:41 | 001,680,976 | ---- | C] (Solid State Networks) -- C:\Users\Momo\Desktop\nitro_pdf_reader_64_dlm_3.1.1.12.exe
[2013.01.28 17:32:52 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Downloaded Installations
[2013.01.28 17:31:04 | 001,677,696 | ---- | C] (Solid State Networks) -- C:\Users\Momo\Desktop\nitro_pdf_reader_32_dlm_3.1.1.12.exe
[2013.01.22 19:20:18 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\vlc
[2013.01.22 19:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.22 19:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.01.18 16:34:47 | 000,000,000 | ---D | C] -- C:\Users\Momo\Desktop\Filmgeschichte I
[2013.01.13 23:00:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.01.13 22:54:27 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.01.13 22:54:27 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.01.13 22:54:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.01.13 22:54:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.01.10 01:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2013.01.10 00:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2013.01.09 23:15:13 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 23:15:13 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 23:14:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 23:14:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.01.09 23:14:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.01.09 23:14:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.06 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Momo\Application Data
[2013.01.06 15:43:44 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\ElevatedDiagnostics
[2013.01.06 15:34:18 | 140,753,320 | ---- | C] (Microsoft Corporation) -- C:\Users\Momo\Desktop\Office2003SP3-KB923618-FullFile-DEU.exe
[2013.01.06 15:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.06 15:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013.01.06 15:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.01.06 15:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013.01.06 14:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.06 14:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.06 14:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2013.01.06 05:53:58 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Microsoft Games
[2013.01.06 05:43:14 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.01.06 05:43:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.01.06 05:42:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013.01.06 05:42:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013.01.06 05:42:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013.01.06 05:42:30 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.01.06 05:41:44 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.01.06 05:41:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.01.06 05:41:43 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.01.06 05:40:06 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.01.06 05:40:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.01.06 05:40:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.01.06 05:40:05 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.01.06 05:40:05 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.01.06 05:39:35 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.01.06 05:39:28 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.01.06 05:39:28 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013.01.06 05:39:19 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.01.06 05:39:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.01.05 23:54:13 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\.elfohilfe
[2013.01.05 19:42:27 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\elsterformular
[2013.01.05 19:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.01.05 19:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.01.05 19:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2013.01.05 19:13:49 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\NVIDIA
[2013.01.05 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Momo\Documents\DVDFab
[2013.01.05 19:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2013.01.05 19:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2013.01.05 17:41:55 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\WebApp
[2013.01.05 17:40:42 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Lenovo
[2013.01.05 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\Momo\Documents\Lenovo
[2013.01.05 17:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2013.01.05 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\Momo\Documents\CyberLink
[2013.01.05 17:30:40 | 000,000,000 | ---D | C] -- C:\Users\Momo\Documents\Youcam
[2013.01.05 17:30:39 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\CyberLink
[2013.01.05 17:30:39 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\CyberLink
[2013.01.05 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Adobe
[2013.01.05 14:53:47 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.01.05 14:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.01.05 14:52:41 | 000,000,000 | ---D | C] -- C:\Users\Momo\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.01.05 14:36:04 | 000,000,000 | ---D | C] -- C:\Users\Momo\Desktop\Storyhouse
[2013.01.05 14:36:04 | 000,000,000 | ---D | C] -- C:\Users\Momo\Desktop\SÄURE
[2013.01.05 14:36:04 | 000,000,000 | ---D | C] -- C:\Users\Momo\Desktop\Reise 2012
[2013.01.05 14:36:04 | 000,000,000 | ---D | C] -- C:\Users\Momo\Desktop\PCSpeedUp
[2013.01.05 14:36:04 | 000,000,000 | ---D | C] -- C:\Users\Momo\Desktop\macromedia
[2013.01.05 14:36:02 | 000,000,000 | R--D | C] -- C:\Users\Momo\Dropbox
[2013.01.05 14:33:18 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.05 14:32:58 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Dropbox
[2013.01.05 14:19:38 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Skype
[2013.01.05 14:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.05 14:08:11 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Macromedia
[2013.01.05 14:06:13 | 000,697,712 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.05 14:06:12 | 000,074,096 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.05 14:06:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.05 14:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.05 14:00:57 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Mozilla
[2013.01.05 14:00:57 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Mozilla
[2013.01.05 14:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.05 14:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.05 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Macromedia
[2013.01.05 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Adobe
[2013.01.05 13:58:32 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Google
[2013.01.05 13:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2013.01.05 13:44:15 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Leadertech
[2013.01.05 13:44:15 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Intel Corporation
[2013.01.05 13:44:08 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Broadcom
[2013.01.05 13:44:08 | 000,000,000 | ---D | C] -- C:\Users\Momo\Documents\Bluetooth-Exchange-Ordner
[2013.01.05 13:43:51 | 000,000,000 | R--D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.05 13:43:51 | 000,000,000 | R--D | C] -- C:\Users\Momo\Searches
[2013.01.05 13:43:51 | 000,000,000 | R--D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.05 13:43:42 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Identities
[2013.01.05 13:43:41 | 000,000,000 | R--D | C] -- C:\Users\Momo\Contacts
[2013.01.05 13:43:37 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\VirtualStore
[2013.01.05 13:43:30 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.01.05 13:43:30 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.05 13:43:30 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.01.05 13:43:20 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.01.05 13:43:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.01.05 13:43:20 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.01.05 13:43:19 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.01.05 13:43:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.01.05 13:43:06 | 000,000,000 | --SD | C] -- C:\Users\Momo\AppData\Roaming\Microsoft
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Videos
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Saved Games
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Pictures
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Music
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Links
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Favorites
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Downloads
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Documents
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\Desktop
[2013.01.05 13:43:06 | 000,000,000 | R--D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Vorlagen
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\AppData\Local\Verlauf
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\AppData\Local\Temporary Internet Files
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Startmenü
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\SendTo
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Recent
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Netzwerkumgebung
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Lokale Einstellungen
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Documents\Eigene Videos
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Documents\Eigene Musik
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Eigene Dateien
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Documents\Eigene Bilder
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Druckumgebung
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Cookies
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\AppData\Local\Anwendungsdaten
[2013.01.05 13:43:06 | 000,000,000 | -HSD | C] -- C:\Users\Momo\Anwendungsdaten
[2013.01.05 13:43:06 | 000,000,000 | -H-D | C] -- C:\Users\Momo\AppData
[2013.01.05 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Temp
[2013.01.05 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Momo\Roaming
[2013.01.05 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Microsoft
[2013.01.05 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Media Center Programs
[2013.01.05 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2013.01.05 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Intel
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.05 13:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 60 Days ==========
 
[2013.02.18 20:12:30 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 20:12:30 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 20:10:09 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.18 20:10:09 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.18 20:10:09 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.18 20:10:09 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.18 20:10:09 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.18 20:05:33 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.18 20:05:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 20:05:21 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.18 20:03:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Momo\Desktop\OTL.exe
[2013.02.18 20:03:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.18 20:00:54 | 000,587,671 | ---- | M] () -- C:\Users\Momo\adwcleaner0.exe
[2013.02.18 01:29:48 | 109,939,648 | ---- | M] () -- C:\Users\Momo\Desktop\avira_free_antivirus_de-13.0.0.3185.exe
[2013.02.18 01:29:04 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.14 22:26:13 | 000,391,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 22:21:24 | 000,163,352 | ---- | M] () -- C:\Users\Momo\DVDShrink_downloader_by_DVDShrink.exe
[2013.02.11 22:09:08 | 000,163,504 | ---- | M] () -- C:\Users\Momo\ratDVD_downloader_by_ratDVD.exe
[2013.02.11 13:36:06 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.11 13:12:20 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.11 13:12:02 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.11 13:12:02 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.11 01:02:08 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.02.10 22:23:30 | 019,660,176 | ---- | M] (Mozilla) -- C:\Users\Momo\Thunderbird Setup 17.0.2.exe
[2013.02.10 21:24:19 | 013,341,408 | ---- | M] (Mediafour Corporation, info@mediafour.com) -- C:\Users\Momo\MacDrive Standard 9.0.5.14 (en) Setup.exe
[2013.02.02 23:51:40 | 000,001,059 | ---- | M] () -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.02 23:51:35 | 000,001,025 | ---- | M] () -- C:\Users\Momo\Desktop\Dropbox.lnk
[2013.01.28 17:38:04 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013.01.28 17:36:08 | 000,001,250 | ---- | M] () -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.28 17:33:43 | 001,680,976 | ---- | M] (Solid State Networks) -- C:\Users\Momo\Desktop\nitro_pdf_reader_64_dlm_3.1.1.12.exe
[2013.01.28 17:31:04 | 001,677,696 | ---- | M] (Solid State Networks) -- C:\Users\Momo\Desktop\nitro_pdf_reader_32_dlm_3.1.1.12.exe
[2013.01.22 19:19:27 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.22 19:17:59 | 023,057,544 | ---- | M] () -- C:\Users\Momo\vlc-2.0.5-win32.exe
[2013.01.18 19:27:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.14 22:39:36 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013.01.14 22:39:36 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013.01.09 02:19:09 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.01.09 02:11:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.01.09 02:10:26 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.01.09 02:07:51 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.01.09 02:07:50 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.01.09 02:07:47 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.01.09 02:06:39 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.01.09 02:04:58 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.01.09 02:00:48 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.01.08 23:03:12 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.01.08 23:01:48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.01.08 22:59:02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.01.08 22:58:43 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.01.08 22:56:37 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.01.08 22:53:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.01.06 15:37:34 | 140,753,320 | ---- | M] (Microsoft Corporation) -- C:\Users\Momo\Desktop\Office2003SP3-KB923618-FullFile-DEU.exe
[2013.01.06 15:31:42 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.01.06 14:53:21 | 000,631,114 | ---- | M] () -- C:\Users\Momo\Desktop\avc_prot_2012b_en.pdf
[2013.01.06 14:42:00 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.06 05:52:51 | 000,001,133 | ---- | M] () -- C:\Users\Momo\Desktop\Cyberlink Power2Go.lnk
[2013.01.05 19:41:30 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.01.05 19:40:33 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.05 19:40:33 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.05 19:13:46 | 000,001,068 | ---- | M] () -- C:\Users\Momo\Desktop\DVDFab Profile Editor.lnk
[2013.01.05 19:13:46 | 000,001,031 | ---- | M] () -- C:\Users\Momo\Desktop\DVDFab 8 Qt.lnk
[2013.01.05 14:53:47 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.01.05 14:00:55 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.05 13:44:00 | 000,002,097 | ---- | M] () -- C:\Users\Momo\Desktop\OneKey Recovery.lnk
[2013.01.05 13:43:37 | 000,000,021 | ---- | M] () -- C:\Windows\SysWow64\drivers\17AA_Lenovo_Lenovo_IdeaPad_Y580_2099.MRK
[2013.01.05 13:43:36 | 000,000,000 | ---- | M] () -- C:\Windows\firstboot.dat
[2013.01.05 06:53:43 | 005,553,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.01.05 06:00:15 | 003,967,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.01.05 06:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.01.04 06:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.04 05:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.04 03:47:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.04 03:47:34 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.04 03:47:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.04 03:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.03 07:00:42 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
 
========== Files Created - No Company Name ==========
 
[2013.02.18 20:00:54 | 000,587,671 | ---- | C] () -- C:\Users\Momo\adwcleaner0.exe
[2013.02.18 01:29:04 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.18 01:23:02 | 109,939,648 | ---- | C] () -- C:\Users\Momo\Desktop\avira_free_antivirus_de-13.0.0.3185.exe
[2013.02.11 22:21:23 | 000,163,352 | ---- | C] () -- C:\Users\Momo\DVDShrink_downloader_by_DVDShrink.exe
[2013.02.11 22:09:08 | 000,163,504 | ---- | C] () -- C:\Users\Momo\ratDVD_downloader_by_ratDVD.exe
[2013.02.11 13:33:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.11 13:29:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.11 01:02:08 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.02.11 01:02:08 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.01.28 17:38:04 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013.01.28 17:38:03 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
[2013.01.28 17:36:08 | 000,001,250 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.22 19:19:27 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.22 19:17:51 | 023,057,544 | ---- | C] () -- C:\Users\Momo\vlc-2.0.5-win32.exe
[2013.01.18 19:27:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.06 15:31:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.01.06 14:53:21 | 000,631,114 | ---- | C] () -- C:\Users\Momo\Desktop\avc_prot_2012b_en.pdf
[2013.01.06 14:42:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.06 14:42:00 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.05 19:41:30 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.01.05 19:13:46 | 000,001,068 | ---- | C] () -- C:\Users\Momo\Desktop\DVDFab Profile Editor.lnk
[2013.01.05 19:13:46 | 000,001,031 | ---- | C] () -- C:\Users\Momo\Desktop\DVDFab 8 Qt.lnk
[2013.01.05 14:53:47 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.01.05 14:36:02 | 000,001,025 | ---- | C] () -- C:\Users\Momo\Desktop\Dropbox.lnk
[2013.01.05 14:33:24 | 000,001,059 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.05 14:19:34 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.05 14:00:55 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.05 14:00:55 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.05 13:43:56 | 000,001,420 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.05 13:43:52 | 000,001,454 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.05 13:43:37 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\17AA_Lenovo_Lenovo_IdeaPad_Y580_2099.MRK
[2013.01.05 13:43:36 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2013.01.05 13:43:06 | 000,002,097 | ---- | C] () -- C:\Users\Momo\Desktop\OneKey Recovery.lnk
[2013.01.05 13:43:06 | 000,001,133 | ---- | C] () -- C:\Users\Momo\Desktop\Cyberlink Power2Go.lnk
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.11 19:45:01 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.10.11 19:45:01 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.10.11 19:45:01 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.10.11 19:45:01 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.10.11 19:44:55 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2012.10.11 19:28:31 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_4B0f1461_ca.bin
[2012.10.11 19:28:31 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_3B0f1461_ca.bin
[2012.10.11 19:28:31 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2012.10.11 19:28:31 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2012.10.11 19:25:14 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.11 19:23:28 | 000,002,004 | ---- | C] () -- C:\Windows\vm332Rmv.ini
[2012.10.11 19:23:28 | 000,002,004 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini
[2012.07.09 01:56:50 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.07.09 01:56:45 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---
__________________

Alt 18.02.2013, 21:01   #4
Momorla
 
delta search deinstalliert - trotzdem noch infiziert? - Standard

delta search deinstalliert - trotzdem noch infiziert?



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 18.02.2013 20:10:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Momo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 72,44% Memory free
16,30 Gb Paging File | 13,89 Gb Available in Paging File | 85,22% Paging File free
Paging file location(s): c:\pagefile.sys 500 500d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917,19 Gb Total Space | 783,06 Gb Free Space | 85,38% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 12,56 Gb Free Space | 51,43% Space Free | Partition Type: NTFS
 
Computer Name: MOMO-PC | User Name: Momo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-4214735177-3956325808-2902130860-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B2D3F6-6682-459F-B430-9502CC1CACA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0AC183DF-0A4E-4322-9C6E-EFABBEA6DA2D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1633F0F2-B6DD-49FE-837A-FF672EB1208B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{16B8610C-56C2-4FF5-A212-CF78C6D219F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1EEF6C9C-55C7-4ED8-B41E-2E76C6CA5E19}" = lport=137 | protocol=17 | dir=in | app=system | 
"{25E68BC9-60EC-48A7-8C2E-CA9BE4213D99}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2701F1C1-C647-49ED-A24E-A6236A6C9D0D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{410C4E55-6162-42BC-88A9-C78B7DFDEB66}" = rport=138 | protocol=17 | dir=out | app=system | 
"{415D4974-7B21-4EE7-88B5-2F45E62BBF8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{53987C59-62BF-49BD-9CE2-EE5990AAC8F3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{66105833-48A7-4C5A-89C8-AE0E88C9C191}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{66BF7558-4A0C-42D3-8C6A-2F44D8345F6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6E5FD59D-632D-471C-8471-5FDE19E8DB8C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6ED06E4E-B267-4D3B-B81D-478BA1D493C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8AEECB2E-1760-48C7-82FA-3C76AB04CD18}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8FA695FD-DC68-4E01-8DC8-6E57A1AC3876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{901C79D5-E7AA-4518-966D-0290D87352BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{9CF8D255-71A6-4763-A233-CFABE15DC674}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A68972DB-CE40-4405-8096-8CC720C5CB56}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BA2FF9C6-D084-4321-B19A-38C4B632E5C9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C946F1CF-72FE-4607-AF73-9BE815806B42}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CD943D68-8DB3-48D8-B473-C145AD7C0C85}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E99DA37B-C704-4ADF-AABE-EA2842BDD450}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF068D21-81DB-4000-8FF1-7B3DFFF80941}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EE1550-D2C9-47DF-BEEF-B5C18A5E7F3D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{05F757E4-DA05-442E-8F53-4A39D3809E4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{091EBA4A-4710-4ACE-B0B6-7254393F3248}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{11312260-D8B7-4FF8-98B2-AAB5AD604231}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1CFCF786-6A05-43EE-90E8-97EFD2CCF3C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1E8AAE7B-DEF8-4968-BF07-954D1F1E4C6E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{22E23931-1974-4255-9D4A-9065B6E80DD3}" = protocol=17 | dir=in | app=c:\users\momo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{29635B69-DF32-4B24-8563-38455F451894}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{300D8957-503F-4316-AB23-A4B698002593}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{30D7BAF5-54BC-49EB-A553-B314C909A416}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DC05DD0-A30D-4DB0-9B60-5A807E60593C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4D2B8FC4-518D-4366-9BCE-6CBCA86795CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5669156D-E651-4651-AAD0-6697B3ACBBE7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{63C6D877-8732-4F89-B5EF-D6D30EF97FD4}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{8227DD68-D749-4AC1-8945-BB9BCE2B91BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9185A43D-79DB-4449-A092-F14DC260E3B4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9C543D59-2410-420F-ADFA-C1520424CE6C}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{9E6427C2-7BDF-4118-A74C-6D418B5DAB92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1B8BA9A-E9E7-4D89-A9C4-63B5FF52A448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30EC024-B634-4103-A6DC-4F98C3B62704}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A4B6D45C-1FCC-4389-8A1C-27F41DDCBA77}" = protocol=6 | dir=out | app=system | 
"{ACC598E1-44FB-4923-A3B5-FFB4ACA27AF7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AD7688A3-011F-4B58-9E92-91D1E362D514}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B3FD3427-F7E3-4C94-8F16-57942D97BC15}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{C20E4C47-F387-4F96-9439-36474453FB9F}" = protocol=6 | dir=in | app=c:\users\momo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C7A32B4F-A32F-444D-BF39-F34757918C8D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{E4F4C606-73B2-477B-87AA-E6E8A0AAF253}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EAF579F9-E771-433F-A8FD-498C61817B29}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F0EA7616-F71B-4C67-AFA7-5692B91860B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F33E1B40-DD71-4BB3-AC31-F8EA7140C183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8691986-3077-4EBC-92B4-A1A822E5B246}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{D549B92A-B5B2-4410-9807-5791D02A9CF0}C:\users\momo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\momo\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FD6B78B6-8471-46D6-B0BE-8E414E86D351}C:\users\momo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\momo\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{31900DA4-6DA2-4ACB-95F8-A683EA837BF4}" = Nitro Reader 3
"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Gerätetreiber für Intel(R) Wireless Music
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{A501BC46-C9DA-424E-853C-D83368C4B922}" = MacDrive 9 Standard
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi-Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}" = Nsd
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel(R) WiDi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVerMedia H339 Hybrid TV Tuner" = AVerMedia H339 Hybrid TV Tuner 2.2.64.73
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.6 (25/12/2012) Qt
"ElsterFormular" = ElsterFormular
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 38645" = Intel AppUp(SM) center
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SugarSync" = SugarSync Manager
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4214735177-3956325808-2902130860-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2013 16:15:46 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
 Code is:0x422.).
 
Error - 03.02.2013 16:15:46 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
 The Code is:0x424.).
 
Error - 03.02.2013 16:15:47 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
 Code is:0x422.).
 
Error - 03.02.2013 16:15:47 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
 The Code is:0x424.).
 
Error - 11.02.2013 08:10:20 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Ajust Sleep time failed with 0, The Code
 is:0x422.).
 
Error - 11.02.2013 08:10:20 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query ManualSetMs key success failed with
 0, The Code is:0x424.).
 
Error - 11.02.2013 08:10:20 | Computer Name = Momo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 08:10:27 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
 Code is:0x422.).
 
Error - 11.02.2013 08:10:27 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
 The Code is:0x424.).
 
Error - 11.02.2013 08:10:27 | Computer Name = Momo-PC | Source = NSDSvc | ID = 131328
Description = An error has occurred (---IKEEXT failed with 23212, The Code is:0x598.).
 
[ System Events ]
Error - 18.01.2013 11:30:42 | Computer Name = Momo-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 18.01.2013 11:31:46 | Computer Name = Momo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 18.01.2013 11:31:46 | Computer Name = Momo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2718704)
 
Error - 18.01.2013 11:31:46 | Computer Name = Momo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2533552)
 
Error - 18.01.2013 11:31:46 | Computer Name = Momo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2620704)
 
Error - 18.01.2013 11:31:46 | Computer Name = Momo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2756921)
 
Error - 18.01.2013 11:47:35 | Computer Name = Momo-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.01.2013 10:56:30 | Computer Name = Momo-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.01.2013 10:56:35 | Computer Name = Momo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80080005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2620704)
 
Error - 03.02.2013 16:15:34 | Computer Name = Momo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?02.?2013 um 21:11:54 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


Hallo t'john, hab das jetzt mal so gemacht, wie ichs verstanden habe. Die logfiles sagen mir leider nix - ich kenn mich da nicht aus. Vielen vielen Dank für Deine Hilfe!!!

Alt 19.02.2013, 19:32   #5
t'john
/// Helfer-Team
 
delta search deinstalliert - trotzdem noch infiziert? - Standard

delta search deinstalliert - trotzdem noch infiziert?



Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

MOD - C:\Windows\SysWOW64\vmprp332.ax () 
[2013.01.10 01:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Momo\*.tmp
C:\Users\Momo\AppData\*.dll
C:\Users\Momo\AppData\*.exe
C:\Users\Momo\AppData\Local\Temp\*.exe
C:\Users\Momo\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).


__________________
Mfg, t'john
Das TB unterstützen

Alt 24.04.2013, 16:31   #6
t'john
/// Helfer-Team
 
delta search deinstalliert - trotzdem noch infiziert? - Standard

delta search deinstalliert - trotzdem noch infiziert?



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
--> delta search deinstalliert - trotzdem noch infiziert?

Antwort

Themen zu delta search deinstalliert - trotzdem noch infiziert?
abgelaufen, antivir, aufsetzen, deinstalliert, delta, delta search, download, gefunde, hilfe!, hilfe!!!, infiziert, infiziert?, installier, laptop, mcaffee, mehrfach, neu aufsetzen, neues, nichts, search, seite, system, system neu, system neu aufsetzen, toolbar, version, öffnen




Ähnliche Themen: delta search deinstalliert - trotzdem noch infiziert?


  1. babylon search und delta search als startseite im browser
    Plagegeister aller Art und deren Bekämpfung - 06.06.2014 (9)
  2. Search d.p Engine. Ist das Delta-Search? Wenn nein, egal ich werde es nicht mehr los
    Log-Analyse und Auswertung - 27.01.2014 (11)
  3. do-search kann nicht entfernt werden trotz Malware Bites und Avira, Programm nicht mehr sichtbar - do-search trotzdem noch da
    Log-Analyse und Auswertung - 08.12.2013 (21)
  4. Wegen Delta Search Log gemacht - nun etwas angst das hier noch mehr im Busch ist :/
    Log-Analyse und Auswertung - 02.11.2013 (15)
  5. Trotz Adw-cleaner Delta Search immer noch vorhanden?
    Log-Analyse und Auswertung - 10.08.2013 (11)
  6. Windows XP - Delta Toolbar deinstalliert - Sauber?
    Log-Analyse und Auswertung - 07.08.2013 (7)
  7. Delta Search und Babylon search - Malware durch Freeware, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 16.07.2013 (37)
  8. Delta search gelöscht - trotzdem noch Schadsoftware?
    Plagegeister aller Art und deren Bekämpfung - 21.04.2013 (20)
  9. Yontoo gefunden und deinstalliert. Trotzdem Netzwerktraffic.
    Log-Analyse und Auswertung - 20.04.2013 (2)
  10. Delta Search mit Spybot entfernt; Delta Search taucht jedoch in neuen Tab trotzdem auf
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  11. Erst Delta Search installiert dann mit Spy Hunter 4 noch schlimmer gemacht
    Plagegeister aller Art und deren Bekämpfung - 07.04.2013 (9)
  12. Delta Search bei Tab öffnen noch vorhanden
    Log-Analyse und Auswertung - 26.03.2013 (19)
  13. Delta Search und Babylon Search entfernt - Ist nun alles weg?
    Log-Analyse und Auswertung - 16.03.2013 (18)
  14. Google, FB startet nicht, Delta Search vor einer Woche bereits deinstalliert, ungewollte Werbeeinblendungen ebenfalls bereits deinstalliert
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (7)
  15. Delta Search gelöscht... noch Viren ja oder nein?
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (9)
  16. ZoneAlarm deinstalliert aber trotzdem noch Aktiv!!!???
    Log-Analyse und Auswertung - 23.09.2006 (10)
  17. Spyfalcon 2.0 Deinstalliert trotzdem F.meldung
    Plagegeister aller Art und deren Bekämpfung - 29.04.2006 (66)

Zum Thema delta search deinstalliert - trotzdem noch infiziert? - Habe beim download von einer schafkopf-freeware den delta search toolbar installiert. WOT hat mehrfach gehindert die deltasearch seite zu öffnen und mein trial von mcaffee war abgelaufen (neues laptop). jetzt - delta search deinstalliert - trotzdem noch infiziert?...
Archiv
Du betrachtest: delta search deinstalliert - trotzdem noch infiziert? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.