Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner - Onlinebanking gesperrt TR/bafi.A.X

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.01.2012, 19:06   #1
elawolol
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



Hallo,
Seit ein paar Tagen ist mein Onlinebanking gesperrt, weil sich jemand aus Asien auf meinen Account angemeldet habe.
Das selbe bei meineM facebook Account.
Avira hat einige Trojaner gefunden:


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 12. Januar 2012 18:33

Es wird nach 3065252 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : PHILIPP-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 15.12.2011 13:59:39
AVSCAN.DLL : 12.1.0.17 65744 Bytes 15.12.2011 13:59:56
LUKE.DLL : 12.1.0.17 68304 Bytes 15.12.2011 13:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 15.12.2011 13:59:39
AVREG.DLL : 12.1.0.27 227536 Bytes 15.12.2011 13:59:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:03:27
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 16:03:27
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 16:03:27
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 16:03:27
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 16:03:27
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 16:03:27
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 16:03:27
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 16:03:27
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 16:03:27
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 16:03:27
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 16:03:27
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 16:03:28
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 16:03:28
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 16:03:28
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 16:03:28
VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 16:03:28
VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 16:03:29
VBASE019.VDF : 7.11.20.178 167424 Bytes 06.01.2012 16:03:29
VBASE020.VDF : 7.11.20.207 230400 Bytes 10.01.2012 16:03:29
VBASE021.VDF : 7.11.20.236 150528 Bytes 11.01.2012 16:03:30
VBASE022.VDF : 7.11.20.237 2048 Bytes 11.01.2012 16:03:30
VBASE023.VDF : 7.11.20.238 2048 Bytes 11.01.2012 16:03:30
VBASE024.VDF : 7.11.20.239 2048 Bytes 11.01.2012 16:03:30
VBASE025.VDF : 7.11.20.240 2048 Bytes 11.01.2012 16:03:30
VBASE026.VDF : 7.11.20.241 2048 Bytes 11.01.2012 16:03:30
VBASE027.VDF : 7.11.20.242 2048 Bytes 11.01.2012 16:03:30
VBASE028.VDF : 7.11.20.243 2048 Bytes 11.01.2012 16:03:30
VBASE029.VDF : 7.11.20.244 2048 Bytes 11.01.2012 16:03:30
VBASE030.VDF : 7.11.20.245 2048 Bytes 11.01.2012 16:03:31
VBASE031.VDF : 7.11.21.0 77824 Bytes 12.01.2012 16:03:31
Engineversion : 8.2.8.22
AEVDF.DLL : 8.1.2.2 106868 Bytes 15.12.2011 13:59:36
AESCRIPT.DLL : 8.1.3.96 434554 Bytes 12.01.2012 16:03:34
AESCN.DLL : 8.1.7.2 127349 Bytes 14.12.2011 23:31:02
AESBX.DLL : 8.2.4.5 434549 Bytes 15.12.2011 13:59:35
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.15.1 770423 Bytes 15.12.2011 13:59:35
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 12.01.2012 16:03:34
AEHEUR.DLL : 8.1.3.15 4264310 Bytes 12.01.2012 16:03:34
AEHELP.DLL : 8.1.18.0 254327 Bytes 15.12.2011 13:59:31
AEGEN.DLL : 8.1.5.17 405877 Bytes 15.12.2011 13:59:31
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.24.3 201079 Bytes 12.01.2012 16:03:31
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.1.0.17 27344 Bytes 15.12.2011 13:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 15.12.2011 13:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 15.12.2011 13:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 15.12.2011 13:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 15.12.2011 13:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 15.12.2011 13:59:50
AVSMTP.DLL : 12.1.0.17 62928 Bytes 15.12.2011 13:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 15.12.2011 13:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 15.12.2011 13:59:58
RCTEXT.DLL : 12.1.0.16 98512 Bytes 15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f0f1795\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Donnerstag, 12. Januar 2012 18:33

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BambooCore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'facemoodssrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LOLRecorder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'onsuu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Connectify.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTShellHlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'statuscached.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConnectifyD.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConnectifyService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF064.dll'
C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF064.dll
[0] Archivtyp: RSRC
--> Object
[FUND] Ist das Trojanische Pferd TR/Offend.7066051
--> Object
[FUND] Ist das Trojanische Pferd TR/bafi.A.9
--> Object
[FUND] Ist das Trojanische Pferd TR/bafi.A.8
--> Object
[FUND] Ist das Trojanische Pferd TR/bafi.A.4
--> Object
[FUND] Ist das Trojanische Pferd TR/bafi.A.7
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b92b47f.qua' verschoben!
Beginne mit der Suche in 'C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0645.dll'
C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0645.dll
[FUND] Ist das Trojanische Pferd TR/Offend.7066051
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53059bd8.qua' verschoben!
Beginne mit der Suche in 'C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0646.dll'
C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0646.dll
[FUND] Ist das Trojanische Pferd TR/bafi.A.9
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '015ac130.qua' verschoben!
Beginne mit der Suche in 'C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0647.dll'
C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0647.dll
[FUND] Ist das Trojanische Pferd TR/bafi.A.8
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '676d8ef2.qua' verschoben!
Beginne mit der Suche in 'C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0648.dll'
C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0648.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '22e9a3cc.qua' verschoben!
Beginne mit der Suche in 'C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0649.dll'
C:\Users\Philipp\AppData\Roaming\5064\components\AcroFF0649.dll
[FUND] Ist das Trojanische Pferd TR/bafi.A.7
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5df291ad.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 12. Januar 2012 18:34
Benötigte Zeit: 00:19 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
674 Dateien wurden geprüft
11 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
6 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
663 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
6 Hinweise


Log-Dateien:
hxxp://dl.dropbox.com/u/14974351/Extras.Txt


hxxp://dl.dropbox.com/u/14974351/OTL.Txt

Wie gehe ich jetzt am klügsten vor? Am liebsten ohne formatieren zu müssen - mir stehen gerade keine Medien zur datensicherung zur Verfügung.

Grüße
philipp

Alt 12.01.2012, 19:10   #2
elawolol
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



Code:
ATTFilter
OTL logfile created on: 12.01.2012 18:41:25 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Philipp\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,62% Memory free
5,98 Gb Paging File | 4,40 Gb Available in Paging File | 73,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 156,25 Gb Total Space | 6,21 Gb Free Space | 3,98% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 1,20 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
Drive E: | 203,40 Gb Total Space | 2,50 Gb Free Space | 1,23% Space Free | Partition Type: NTFS
Drive F: | 63,23 Gb Total Space | 0,74 Gb Free Space | 1,16% Space Free | Partition Type: NTFS
Drive H: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.12 18:39:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.25 18:14:16 | 000,216,576 | ---- | M] () -- C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe
PRC - [2011.10.11 17:54:00 | 000,179,712 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Ibruq\onsuu.exe
PRC - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011.08.30 17:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.23 16:47:06 | 000,321,864 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe
PRC - [2011.08.23 16:47:04 | 002,717,000 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectify.exe
PRC - [2011.08.20 21:50:56 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.25 08:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.11 09:27:46 | 000,570,688 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2010.11.11 09:27:40 | 000,193,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.10.26 16:37:08 | 000,323,584 | ---- | M] (facemoods.com) -- C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
PRC - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.02 21:54:53 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\233bf54bdcfe71f4f6273f2aa90af531\System.WorkflowServices.ni.dll
MOD - [2012.01.02 21:54:23 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9a29ccc783b1305deb24c667ad79d287\System.ServiceModel.Web.ni.dll
MOD - [2012.01.02 21:52:19 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3be59fc152f841624066c269cc2fff62\System.IdentityModel.ni.dll
MOD - [2012.01.02 21:52:16 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5107d5be0963a2026d7c8be0796a5b1b\System.ServiceModel.ni.dll
MOD - [2012.01.02 03:28:11 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b8ee7bf7d7ac34623238f731b05395a2\System.Web.ni.dll
MOD - [2012.01.02 03:27:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2011.10.15 12:50:35 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll
MOD - [2011.10.15 12:50:33 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9123843fd33a30164ceb951c98b7ca2a\SMDiagnostics.ni.dll
MOD - [2011.10.15 12:02:39 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.15 12:02:29 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.15 12:02:07 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\9b8dcad25a3be7d4a3f3b8b384f3190a\System.Security.ni.dll
MOD - [2011.10.15 12:02:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.15 12:01:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.15 12:01:58 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.15 12:01:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.10.11 17:54:00 | 000,179,712 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Ibruq\onsuu.exe
MOD - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011.08.23 16:48:06 | 000,030,024 | ---- | M] () -- C:\Program Files (x86)\Connectify\Scannify.dll
MOD - [2011.08.23 16:47:18 | 000,022,344 | ---- | M] () -- C:\Program Files (x86)\Connectify\DriverLib.dll
MOD - [2011.08.23 16:47:02 | 000,014,152 | ---- | M] () -- C:\Program Files (x86)\Connectify\BuildProps.dll
MOD - [2011.08.12 14:05:54 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.14 18:58:23 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2009.07.14 18:58:13 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 18:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.15 00:07:57 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.28 18:08:43 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.25 18:14:16 | 000,216,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe -- (statuscached)
SRV - [2011.09.14 23:23:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.20 21:50:56 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011.08.04 13:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.25 08:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.18 12:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Running] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.09 19:29:38 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2011.09.21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.09.18 20:07:44 | 000,256,576 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.07.31 19:11:05 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2011.05.25 08:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 17:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.29 17:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.09 12:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011.08.06 20:14:43 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)
DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B EE FF 41 84 CF CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Philipp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.22 16:10:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.22 16:10:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Philipp\AppData\Roaming\5064 [2011.12.22 16:47:45 | 000,000,000 | ---D | M]
 
[2011.07.31 19:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2012.01.12 18:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions
[2011.11.21 16:17:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.07.31 22:47:44 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.08.03 20:00:15 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions\ffxtlbr@Facemoods.com
[2011.09.06 10:55:27 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions\firebug@software.joehewitt.com
[2011.10.19 15:39:22 | 000,001,831 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\eg9ubfbv.default\searchplugins\leo-deu-eng.xml
[2011.08.12 14:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.12 14:02:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.03 21:25:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.12.22 16:47:45 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\PHILIPP\APPDATA\ROAMING\5064
[2010.08.09 15:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll
[2011.08.03 21:25:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.22 13:14:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.22 13:14:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.22 13:14:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.22 13:14:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.22 13:14:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.11.11 16:49:53 | 000,000,505 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:  127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts:  127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts:  127.0.0.1 activate.wip3.adobe.com
O1 - Hosts:  127.0.0.1 adobeereg.com 
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts:  127.0.0.1 ereg.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts:  127.0.0.1 192.150.18.108 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 wip3.adobe.com 
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [Cmaudio8768GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8768GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [onsuu.exe] C:\Users\Philipp\AppData\Roaming\Ibruq\onsuu.exe ()
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A90F461-687A-4C53-BD65-0C1FBED4F9E8}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADA3D1B8-6DA9-4E96-80AB-51A84212615F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42E3229-27A8-4EBD-AEE9-7A4E401A73AD}: DhcpNameServer = 139.7.30.126 139.7.30.125
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.16 11:18:10 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{392a098f-fbfd-11e0-ba12-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{392a098f-fbfd-11e0-ba12-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{392a09b4-fbfd-11e0-ba12-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{392a09b4-fbfd-11e0-ba12-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c0a7ffc-f299-11e0-8788-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{8c0a7ffc-f299-11e0-8788-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c0a8006-f299-11e0-8788-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{8c0a8006-f299-11e0-8788-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a4a0fd13-fa88-11e0-a698-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{a4a0fd13-fa88-11e0-a698-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e6fa4685-0226-11e1-a0aa-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{e6fa4685-0226-11e1-a0aa-0016e6322a6b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{f4605591-e1db-11e0-9f2c-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{f4605591-e1db-11e0-9f2c-0016e6322a6b}\Shell\AutoRun\command - "" = H:\setup.exe -- [2005.04.07 00:39:06 | 000,121,064 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {162FAA2E-A8E5-911A-A1A1-91EA62B626AF} - Offline Browsing Pack
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {F6951CCE-9EC9-9BA4-2C83-728E3D5499C8} - Microsoft Windows Media Player
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartSVN 6.6 (background).lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk - C:\Windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: MobileConnect - hkey= - key= - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.12 17:08:08 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Avira
[2012.01.12 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft Corporation
[2012.01.12 17:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.12 17:02:19 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.01.12 17:02:19 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.01.12 17:02:19 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.01.12 17:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.12 17:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.01.10 04:49:01 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lolcounterpick
[2012.01.10 04:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lolcounterpick
[2012.01.10 00:02:26 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Help
[2012.01.09 23:58:21 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Windows Search
[2012.01.09 22:23:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\Test
[2012.01.09 01:30:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\MonoDevelop-Unity
[2012.01.09 01:05:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\New Unity Project
[2012.01.09 00:36:32 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Unity
[2012.01.09 00:34:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\PACE Anti-Piracy
[2012.01.09 00:34:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\PACE Anti-Piracy
[2012.01.09 00:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.01.09 00:33:53 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Unity
[2012.01.09 00:32:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2012.01.09 00:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2012.01.09 00:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2012.01.08 00:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.12.31 20:59:15 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\JGsoft
[2011.12.31 20:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPad Lite
[2011.12.31 20:59:10 | 000,067,312 | ---- | C] (Just Great Software) -- C:\Windows\UnDeployV.exe
[2011.12.31 20:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JGsoft
[2011.12.30 22:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\MAXON
[2011.12.30 22:16:15 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011.12.30 22:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
[2011.12.30 22:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAXON
[2011.12.30 22:13:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\MAXON
[2011.12.28 20:12:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.12.28 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Wacom
[2011.12.28 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2011.12.28 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2011.12.28 20:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2011.12.28 20:05:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\WTablet
[2011.12.28 20:05:36 | 001,107,832 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
[2011.12.28 20:05:35 | 001,326,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
[2011.12.28 20:05:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2011.12.28 20:05:09 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2011.12.28 20:04:43 | 001,392,504 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomMT.dll
[2011.12.28 20:04:43 | 001,156,472 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2011.12.28 20:04:43 | 001,152,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\WacomMT.dll
[2011.12.28 20:04:42 | 001,665,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2011.12.28 20:04:42 | 001,401,208 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2011.12.28 20:04:42 | 001,369,464 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2011.12.28 19:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2011.12.28 19:50:52 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2011.12.28 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011.12.28 16:14:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.12.26 16:07:06 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamers.IRC
[2011.12.26 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\mIRC
[2011.12.26 16:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gamers.IRC
[2011.12.22 16:47:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5064
[2011.12.22 16:47:38 | 000,351,184 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Philipp\AppData\Roaming\AcroIEHelpe068.dll
[2011.12.21 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5063
[2011.12.20 18:17:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\EurekaLog
[2011.12.20 15:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\True BoxShot
[2011.12.20 15:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True BoxShot
[2011.12.20 15:27:38 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\True BoxShot
[2011.12.20 15:07:34 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5062
[2011.12.19 15:29:39 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5061
[2011.12.17 02:26:46 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Local\QtN8MbDMHmZJnq
[2011.12.16 15:36:42 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5060
[2011.12.14 15:41:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5059
[2011.11.22 22:19:08 | 000,244,688 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Philipp\AppData\Roaming\AcroIEHelpe.dll
[2 C:\Users\Philipp\AppData\Roaming\*.tmp files -> C:\Users\Philipp\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.12 18:38:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 18:37:38 | 000,000,178 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2012.01.12 18:34:04 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 18:34:02 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 18:25:46 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 18:25:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.12 18:25:15 | 2409,275,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 17:02:41 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.12 04:02:43 | 000,000,132 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.10 19:09:48 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.01.10 19:09:48 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.01.10 00:36:52 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.10 00:36:52 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.10 00:36:52 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.10 00:36:52 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.10 00:36:52 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.09 19:19:57 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012.01.09 19:19:57 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012.01.09 19:19:57 | 000,040,960 | ---- | M] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012.01.09 02:37:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012.01.08 23:42:53 | 000,000,107 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\urhtps.dat
[2012.01.07 02:40:10 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.12.31 20:59:11 | 000,001,539 | ---- | M] () -- C:\Users\Public\Desktop\EditPad Lite.lnk
[2011.12.31 20:56:33 | 000,001,235 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.12.30 00:52:56 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2011.12.30 00:52:56 | 000,000,965 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.28 20:07:21 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2011.12.26 21:02:03 | 000,106,868 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.12.21 17:28:24 | 000,001,456 | ---- | M] () -- C:\Users\Philipp\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.21 17:15:26 | 000,000,132 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.12.16 14:44:11 | 005,789,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2 C:\Users\Philipp\AppData\Roaming\*.tmp files -> C:\Users\Philipp\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.12 18:37:38 | 000,000,178 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2012.01.12 17:02:41 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.10 19:09:48 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.01.09 19:20:30 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012.01.09 19:20:23 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012.01.09 19:20:23 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012.01.09 00:32:12 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2012.01.06 01:01:53 | 733,464,576 | R--- | C] () -- C:\1995 - Pocahontas.avi
[2011.12.31 20:59:11 | 000,001,539 | ---- | C] () -- C:\Users\Public\Desktop\EditPad Lite.lnk
[2011.12.31 20:56:33 | 000,001,235 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.12.28 20:07:21 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2011.12.28 19:50:47 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTouchTabletUserDefaults.xml
[2011.12.28 19:50:47 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTabletUserDefaults.xml
[2011.12.26 21:02:03 | 000,106,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.12.21 17:18:26 | 000,001,456 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.21 17:15:26 | 000,000,132 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.12.12 00:22:55 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.10 15:14:46 | 000,000,107 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\urhtps.dat
[2011.11.12 17:56:44 | 000,000,095 | ---- | C] () -- C:\Users\Philipp\AppData\Local\fusioncache.dat
[2011.11.12 17:54:06 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.04 22:54:29 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.11.04 22:42:49 | 000,028,511 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.08.16 15:31:42 | 000,000,132 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.07.31 19:11:43 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011.07.31 19:11:43 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2011.07.31 19:11:42 | 000,000,317 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2011.07.31 19:11:18 | 000,003,518 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2011.07.31 19:11:18 | 000,000,132 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2011.07.31 19:11:13 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.11.22 22:19:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5047
[2011.11.23 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5048
[2011.11.24 12:56:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5049
[2011.11.25 23:29:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5050
[2011.11.28 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5051
[2011.12.01 19:33:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5052
[2011.12.04 15:36:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5053
[2011.12.09 20:32:06 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5054
[2011.12.10 15:43:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5055
[2011.12.12 14:45:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5056
[2011.12.13 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5058
[2011.12.14 15:41:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5059
[2011.12.16 15:36:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5060
[2011.12.19 15:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5061
[2011.12.20 15:07:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5062
[2011.12.21 16:27:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5063
[2011.12.22 16:47:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5064
[2012.01.01 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Audacity
[2011.09.05 17:48:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited
[2011.11.17 19:01:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.13 17:22:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.18 20:11:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Pro
[2011.09.05 17:37:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DeepBurner
[2012.01.12 18:32:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[2011.12.20 18:19:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\EurekaLog
[2011.12.02 19:42:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ibruq
[2012.01.12 18:40:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ
[2011.09.29 14:20:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ImgBurn
[2011.08.13 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\IrfanView
[2011.12.31 20:59:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\JGsoft
[2011.11.22 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\kock
[2011.07.31 22:43:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LolClient
[2012.01.12 18:35:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Lyki
[2011.12.31 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAXON
[2012.01.10 00:15:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MonoDevelop-Unity
[2011.08.12 14:07:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2012.01.09 00:36:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PACE Anti-Piracy
[2011.11.15 17:57:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Processing
[2011.09.04 14:32:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.07 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Steinberg
[2011.12.12 14:44:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Subversion
[2011.12.12 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\syntevo
[2011.11.22 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer
[2011.08.14 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client
[2011.12.14 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\UAs
[2012.01.09 04:06:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Unity
[2011.10.09 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vodafone
[2011.11.07 15:21:30 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VST3 Presets
[2011.12.28 20:07:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Wacom
[2011.12.28 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.01.09 23:58:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Windows Search
[2012.01.12 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\xmldm
[2012.01.10 11:35:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.31 18:37:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.31 19:27:20 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.31 18:36:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.06 20:07:18 | 000,000,000 | ---D | M] -- C:\Game
[2011.07.31 19:12:12 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.08.13 17:22:51 | 000,000,000 | ---D | M] -- C:\Photoshop
[2011.12.30 22:19:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.12 17:02:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.12 17:02:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.07.31 18:36:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.31 18:36:44 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.13 17:14:12 | 000,000,000 | ---D | M] -- C:\skyrim
[2012.01.12 18:44:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.31 22:39:46 | 000,000,000 | ---D | M] -- C:\temp
[2011.07.31 18:47:59 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.31 20:59:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         
__________________


Alt 12.01.2012, 19:13   #3
elawolol
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



Sorry für die Doppelposts, hier hing gerad alles. :/

Zitat:
Zitat von elawolol Beitrag anzeigen
Code:
ATTFilter
OTL logfile created on: 12.01.2012 18:41:25 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Philipp\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,62% Memory free
5,98 Gb Paging File | 4,40 Gb Available in Paging File | 73,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 156,25 Gb Total Space | 6,21 Gb Free Space | 3,98% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 1,20 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
Drive E: | 203,40 Gb Total Space | 2,50 Gb Free Space | 1,23% Space Free | Partition Type: NTFS
Drive F: | 63,23 Gb Total Space | 0,74 Gb Free Space | 1,16% Space Free | Partition Type: NTFS
Drive H: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.12 18:39:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.25 18:14:16 | 000,216,576 | ---- | M] () -- C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe
PRC - [2011.10.11 17:54:00 | 000,179,712 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Ibruq\onsuu.exe
PRC - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011.08.30 17:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.23 16:47:06 | 000,321,864 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe
PRC - [2011.08.23 16:47:04 | 002,717,000 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectify.exe
PRC - [2011.08.20 21:50:56 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.25 08:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.11 09:27:46 | 000,570,688 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2010.11.11 09:27:40 | 000,193,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.10.26 16:37:08 | 000,323,584 | ---- | M] (facemoods.com) -- C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
PRC - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.02 21:54:53 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\233bf54bdcfe71f4f6273f2aa90af531\System.WorkflowServices.ni.dll
MOD - [2012.01.02 21:54:23 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9a29ccc783b1305deb24c667ad79d287\System.ServiceModel.Web.ni.dll
MOD - [2012.01.02 21:52:19 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3be59fc152f841624066c269cc2fff62\System.IdentityModel.ni.dll
MOD - [2012.01.02 21:52:16 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5107d5be0963a2026d7c8be0796a5b1b\System.ServiceModel.ni.dll
MOD - [2012.01.02 03:28:11 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b8ee7bf7d7ac34623238f731b05395a2\System.Web.ni.dll
MOD - [2012.01.02 03:27:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2011.10.15 12:50:35 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll
MOD - [2011.10.15 12:50:33 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9123843fd33a30164ceb951c98b7ca2a\SMDiagnostics.ni.dll
MOD - [2011.10.15 12:02:39 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.15 12:02:29 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.15 12:02:07 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\9b8dcad25a3be7d4a3f3b8b384f3190a\System.Security.ni.dll
MOD - [2011.10.15 12:02:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.15 12:01:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.15 12:01:58 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.15 12:01:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.10.11 17:54:00 | 000,179,712 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Ibruq\onsuu.exe
MOD - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011.08.23 16:48:06 | 000,030,024 | ---- | M] () -- C:\Program Files (x86)\Connectify\Scannify.dll
MOD - [2011.08.23 16:47:18 | 000,022,344 | ---- | M] () -- C:\Program Files (x86)\Connectify\DriverLib.dll
MOD - [2011.08.23 16:47:02 | 000,014,152 | ---- | M] () -- C:\Program Files (x86)\Connectify\BuildProps.dll
MOD - [2011.08.12 14:05:54 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.14 18:58:23 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2009.07.14 18:58:13 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 18:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.15 00:07:57 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.28 18:08:43 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.25 18:14:16 | 000,216,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe -- (statuscached)
SRV - [2011.09.14 23:23:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.20 21:50:56 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011.08.04 13:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.25 08:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.18 12:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Running] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.09 19:29:38 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2011.09.21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.09.18 20:07:44 | 000,256,576 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.07.31 19:11:05 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2011.05.25 08:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 17:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.29 17:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.09 12:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011.08.06 20:14:43 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)
DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B EE FF 41 84 CF CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Philipp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.22 16:10:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.22 16:10:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Philipp\AppData\Roaming\5064 [2011.12.22 16:47:45 | 000,000,000 | ---D | M]
 
[2011.07.31 19:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2012.01.12 18:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions
[2011.11.21 16:17:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.07.31 22:47:44 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.08.03 20:00:15 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions\ffxtlbr@Facemoods.com
[2011.09.06 10:55:27 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\eg9ubfbv.default\extensions\firebug@software.joehewitt.com
[2011.10.19 15:39:22 | 000,001,831 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\eg9ubfbv.default\searchplugins\leo-deu-eng.xml
[2011.08.12 14:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.12 14:02:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.03 21:25:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.12.22 16:47:45 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\PHILIPP\APPDATA\ROAMING\5064
[2010.08.09 15:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll
[2011.08.03 21:25:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.22 13:14:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.22 13:14:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.22 13:14:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.22 13:14:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.22 13:14:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.11.11 16:49:53 | 000,000,505 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:  127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts:  127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts:  127.0.0.1 activate.wip3.adobe.com
O1 - Hosts:  127.0.0.1 adobeereg.com 
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts:  127.0.0.1 ereg.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts:  127.0.0.1 192.150.18.108 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 wip3.adobe.com 
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [Cmaudio8768GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8768GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [onsuu.exe] C:\Users\Philipp\AppData\Roaming\Ibruq\onsuu.exe ()
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A90F461-687A-4C53-BD65-0C1FBED4F9E8}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADA3D1B8-6DA9-4E96-80AB-51A84212615F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42E3229-27A8-4EBD-AEE9-7A4E401A73AD}: DhcpNameServer = 139.7.30.126 139.7.30.125
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.16 11:18:10 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{392a098f-fbfd-11e0-ba12-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{392a098f-fbfd-11e0-ba12-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{392a09b4-fbfd-11e0-ba12-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{392a09b4-fbfd-11e0-ba12-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c0a7ffc-f299-11e0-8788-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{8c0a7ffc-f299-11e0-8788-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c0a8006-f299-11e0-8788-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{8c0a8006-f299-11e0-8788-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a4a0fd13-fa88-11e0-a698-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{a4a0fd13-fa88-11e0-a698-0016e6322a6b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e6fa4685-0226-11e1-a0aa-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{e6fa4685-0226-11e1-a0aa-0016e6322a6b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{f4605591-e1db-11e0-9f2c-0016e6322a6b}\Shell - "" = AutoRun
O33 - MountPoints2\{f4605591-e1db-11e0-9f2c-0016e6322a6b}\Shell\AutoRun\command - "" = H:\setup.exe -- [2005.04.07 00:39:06 | 000,121,064 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {162FAA2E-A8E5-911A-A1A1-91EA62B626AF} - Offline Browsing Pack
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {F6951CCE-9EC9-9BA4-2C83-728E3D5499C8} - Microsoft Windows Media Player
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartSVN 6.6 (background).lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk - C:\Windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: MobileConnect - hkey= - key= - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.12 17:08:08 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Avira
[2012.01.12 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft Corporation
[2012.01.12 17:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.12 17:02:19 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.01.12 17:02:19 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.01.12 17:02:19 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.01.12 17:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.12 17:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.01.10 04:49:01 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lolcounterpick
[2012.01.10 04:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lolcounterpick
[2012.01.10 00:02:26 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Help
[2012.01.09 23:58:21 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Windows Search
[2012.01.09 22:23:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\Test
[2012.01.09 01:30:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\MonoDevelop-Unity
[2012.01.09 01:05:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\New Unity Project
[2012.01.09 00:36:32 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Unity
[2012.01.09 00:34:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\PACE Anti-Piracy
[2012.01.09 00:34:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\PACE Anti-Piracy
[2012.01.09 00:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.01.09 00:33:53 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Unity
[2012.01.09 00:32:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2012.01.09 00:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2012.01.09 00:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2012.01.08 00:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.12.31 20:59:15 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\JGsoft
[2011.12.31 20:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPad Lite
[2011.12.31 20:59:10 | 000,067,312 | ---- | C] (Just Great Software) -- C:\Windows\UnDeployV.exe
[2011.12.31 20:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JGsoft
[2011.12.30 22:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\MAXON
[2011.12.30 22:16:15 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011.12.30 22:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
[2011.12.30 22:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAXON
[2011.12.30 22:13:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\MAXON
[2011.12.28 20:12:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.12.28 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Wacom
[2011.12.28 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2011.12.28 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2011.12.28 20:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2011.12.28 20:05:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\WTablet
[2011.12.28 20:05:36 | 001,107,832 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
[2011.12.28 20:05:35 | 001,326,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
[2011.12.28 20:05:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2011.12.28 20:05:09 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2011.12.28 20:04:43 | 001,392,504 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomMT.dll
[2011.12.28 20:04:43 | 001,156,472 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2011.12.28 20:04:43 | 001,152,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\WacomMT.dll
[2011.12.28 20:04:42 | 001,665,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2011.12.28 20:04:42 | 001,401,208 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2011.12.28 20:04:42 | 001,369,464 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2011.12.28 19:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2011.12.28 19:50:52 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2011.12.28 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011.12.28 16:14:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.12.26 16:07:06 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamers.IRC
[2011.12.26 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\mIRC
[2011.12.26 16:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gamers.IRC
[2011.12.22 16:47:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5064
[2011.12.22 16:47:38 | 000,351,184 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Philipp\AppData\Roaming\AcroIEHelpe068.dll
[2011.12.21 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5063
[2011.12.20 18:17:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\EurekaLog
[2011.12.20 15:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\True BoxShot
[2011.12.20 15:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True BoxShot
[2011.12.20 15:27:38 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\True BoxShot
[2011.12.20 15:07:34 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5062
[2011.12.19 15:29:39 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5061
[2011.12.17 02:26:46 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Local\QtN8MbDMHmZJnq
[2011.12.16 15:36:42 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5060
[2011.12.14 15:41:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5059
[2011.11.22 22:19:08 | 000,244,688 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Philipp\AppData\Roaming\AcroIEHelpe.dll
[2 C:\Users\Philipp\AppData\Roaming\*.tmp files -> C:\Users\Philipp\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.12 18:38:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 18:37:38 | 000,000,178 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2012.01.12 18:34:04 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 18:34:02 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 18:25:46 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 18:25:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.12 18:25:15 | 2409,275,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 17:02:41 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.12 04:02:43 | 000,000,132 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.10 19:09:48 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.01.10 19:09:48 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.01.10 00:36:52 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.10 00:36:52 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.10 00:36:52 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.10 00:36:52 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.10 00:36:52 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.09 19:19:57 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012.01.09 19:19:57 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012.01.09 19:19:57 | 000,040,960 | ---- | M] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012.01.09 02:37:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012.01.08 23:42:53 | 000,000,107 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\urhtps.dat
[2012.01.07 02:40:10 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.12.31 20:59:11 | 000,001,539 | ---- | M] () -- C:\Users\Public\Desktop\EditPad Lite.lnk
[2011.12.31 20:56:33 | 000,001,235 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.12.30 00:52:56 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2011.12.30 00:52:56 | 000,000,965 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.28 20:07:21 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2011.12.26 21:02:03 | 000,106,868 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.12.21 17:28:24 | 000,001,456 | ---- | M] () -- C:\Users\Philipp\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.21 17:15:26 | 000,000,132 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.12.16 14:44:11 | 005,789,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2 C:\Users\Philipp\AppData\Roaming\*.tmp files -> C:\Users\Philipp\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.12 18:37:38 | 000,000,178 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2012.01.12 17:02:41 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.10 19:09:48 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.01.09 19:20:30 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012.01.09 19:20:23 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012.01.09 19:20:23 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012.01.09 00:32:12 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2012.01.06 01:01:53 | 733,464,576 | R--- | C] () -- C:\1995 - Pocahontas.avi
[2011.12.31 20:59:11 | 000,001,539 | ---- | C] () -- C:\Users\Public\Desktop\EditPad Lite.lnk
[2011.12.31 20:56:33 | 000,001,235 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.12.28 20:07:21 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2011.12.28 19:50:47 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTouchTabletUserDefaults.xml
[2011.12.28 19:50:47 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTabletUserDefaults.xml
[2011.12.26 21:02:03 | 000,106,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.12.21 17:18:26 | 000,001,456 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.21 17:15:26 | 000,000,132 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.12.12 00:22:55 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.10 15:14:46 | 000,000,107 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\urhtps.dat
[2011.11.12 17:56:44 | 000,000,095 | ---- | C] () -- C:\Users\Philipp\AppData\Local\fusioncache.dat
[2011.11.12 17:54:06 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.04 22:54:29 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.11.04 22:42:49 | 000,028,511 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.08.16 15:31:42 | 000,000,132 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.07.31 19:11:43 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011.07.31 19:11:43 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2011.07.31 19:11:42 | 000,000,317 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2011.07.31 19:11:18 | 000,003,518 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2011.07.31 19:11:18 | 000,000,132 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2011.07.31 19:11:13 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.11.22 22:19:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5047
[2011.11.23 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5048
[2011.11.24 12:56:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5049
[2011.11.25 23:29:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5050
[2011.11.28 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5051
[2011.12.01 19:33:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5052
[2011.12.04 15:36:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5053
[2011.12.09 20:32:06 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5054
[2011.12.10 15:43:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5055
[2011.12.12 14:45:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5056
[2011.12.13 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5058
[2011.12.14 15:41:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5059
[2011.12.16 15:36:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5060
[2011.12.19 15:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5061
[2011.12.20 15:07:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5062
[2011.12.21 16:27:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5063
[2011.12.22 16:47:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\5064
[2012.01.01 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Audacity
[2011.09.05 17:48:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited
[2011.11.17 19:01:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.13 17:22:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.18 20:11:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Pro
[2011.09.05 17:37:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DeepBurner
[2012.01.12 18:32:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[2011.12.20 18:19:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\EurekaLog
[2011.12.02 19:42:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ibruq
[2012.01.12 18:40:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ
[2011.09.29 14:20:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ImgBurn
[2011.08.13 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\IrfanView
[2011.12.31 20:59:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\JGsoft
[2011.11.22 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\kock
[2011.07.31 22:43:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LolClient
[2012.01.12 18:35:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Lyki
[2011.12.31 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAXON
[2012.01.10 00:15:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MonoDevelop-Unity
[2011.08.12 14:07:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2012.01.09 00:36:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PACE Anti-Piracy
[2011.11.15 17:57:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Processing
[2011.09.04 14:32:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.07 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Steinberg
[2011.12.12 14:44:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Subversion
[2011.12.12 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\syntevo
[2011.11.22 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer
[2011.08.14 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client
[2011.12.14 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\UAs
[2012.01.09 04:06:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Unity
[2011.10.09 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vodafone
[2011.11.07 15:21:30 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VST3 Presets
[2011.12.28 20:07:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Wacom
[2011.12.28 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.01.09 23:58:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Windows Search
[2012.01.12 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\xmldm
[2012.01.10 11:35:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.31 18:37:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.31 19:27:20 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.31 18:36:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.06 20:07:18 | 000,000,000 | ---D | M] -- C:\Game
[2011.07.31 19:12:12 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.08.13 17:22:51 | 000,000,000 | ---D | M] -- C:\Photoshop
[2011.12.30 22:19:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.12 17:02:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.12 17:02:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.07.31 18:36:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.31 18:36:44 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.13 17:14:12 | 000,000,000 | ---D | M] -- C:\skyrim
[2012.01.12 18:44:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.31 22:39:46 | 000,000,000 | ---D | M] -- C:\temp
[2011.07.31 18:47:59 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.31 20:59:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 12.01.2012 18:41:25 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Philipp\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,62% Memory free
5,98 Gb Paging File | 4,40 Gb Available in Paging File | 73,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 156,25 Gb Total Space | 6,21 Gb Free Space | 3,98% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 1,20 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
Drive E: | 203,40 Gb Total Space | 2,50 Gb Free Space | 1,23% Space Free | Partition Type: NTFS
Drive F: | 63,23 Gb Total Space | 0,74 Gb Free Space | 1,16% Space Free | Partition Type: NTFS
Drive H: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\ps5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\ps5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B1FBB92-6C47-4B2A-8778-67128C6788FF}" = TortoiseSVN 1.7.2.22327 (64 bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"Connectify" = Connectify
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Pen Tablet Driver" = Bamboo
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{164F4A4D-9564-4C61-BD10-CA24B4CBBC66}_is1" = SPEAR v0.7.4 r.148
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4D8E57C6-E1F7-404D-8930-ED93D9116D0F}_is1" = True BoxShot 2.1.1
"{4E86E575-2B04-4FEC-ADA3-72D47CB4777C}" = Cortona3D Viewer
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{709EAFEF-1DD2-48A6-AE53-13EF4D381940}" = SmartSVN 6.6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{77F1F861-524F-4EAC-B344-6F37F93F1903}" = VodafoneStartPackSetup
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.00.8048
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo II" = Diablo II
"EditPad Lite" = Just Great Software EditPad Lite DE 6.7.1
"facemoods" = Facemoods Toolbar
"Gamers.IRC" = Gamers.IRC 6.03
"Google Chrome" = Google Chrome
"GunboundIS_is1" = GunboundIS
"hon" = Heroes of Newerth
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"lolcounterpick_is1" = lolcounterpick
"LOLReplay" = LOLReplay
"ManiaPlanet_is1" = ManiaPlanet
"MAXON License Server" = MAXON License Server
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"Room Arranger" = Room Arranger
"SpeedFan" = SpeedFan (remove only)
"Steam App 440" = Team Fortress 2
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"TeamViewer 6" = TeamViewer 6
"True BoxShot for Adobe Photoshop®_is1" = True BoxShot for Adobe Photoshop® v1.1.2
"Unity" = Unity
"VLC media player" = VLC media player 1.1.11
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xampp" = XAMPP 1.7.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2012 18:52:16 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4363,
 Zeitstempel: 0x4ee68c41  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab86  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e41b  ID des fehlerhaften
 Prozesses: 0x38cc  Startzeit der fehlerhaften Anwendung: 0x01cccfe212b9072b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: bd8fa0bf-3bdd-11e1-bf1f-0016e6322a6b
 
Error - 10.01.2012 19:52:36 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4363,
 Zeitstempel: 0x4ee68c41  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab86  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00032a00  ID des fehlerhaften
 Prozesses: 0x4d14  Startzeit der fehlerhaften Anwendung: 0x01cccff1ca32dd2d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 2b864644-3be6-11e1-bf1f-0016e6322a6b
 
Error - 10.01.2012 21:00:57 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.4363,
 Zeitstempel: 0x4ee68bf9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab86  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022262  ID des fehlerhaften
 Prozesses: 0x4e38  Startzeit der fehlerhaften Anwendung: 0x01cccff1d08d5362  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: b79b21c1-3bef-11e1-bf1f-0016e6322a6b
 
Error - 11.01.2012 12:14:29 | Computer Name = Philipp-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.01.2012 22:23:26 | Computer Name = Philipp-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.01.2012 10:07:36 | Computer Name = Philipp-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.01.2012 11:58:18 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4363,
 Zeitstempel: 0x4ee68c41  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e423  ID des fehlerhaften
 Prozesses: 0x1260  Startzeit der fehlerhaften Anwendung: 0x01ccd13635cf8a6d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 3dccad46-3d36-11e1-81a5-0016e6322a6b
 
Error - 12.01.2012 11:58:25 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.4363,
 Zeitstempel: 0x4ee68bf9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022262  ID des fehlerhaften
 Prozesses: 0x10cc  Startzeit der fehlerhaften Anwendung: 0x01ccd1364374859d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 41e1b1fe-3d36-11e1-81a5-0016e6322a6b
 
Error - 12.01.2012 12:03:01 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 12.01.2012 13:26:11 | Computer Name = Philipp-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 08.01.2012 12:13:06 | Computer Name = Philipp-PC | Source = NetBT | ID = 4321
Description = Der Name "PHILIPP-PC     :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.102  registriert werden. Der Computer mit IP-Adresse 192.168.2.100
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 09.01.2012 19:36:58 | Computer Name = Philipp-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 09.01.2012 21:41:46 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst TeamViewer6 erreicht.
 
Error - 11.01.2012 22:29:33 | Computer Name = Philipp-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{ADA3D1B8-6DA9-4E96-80AB-51A84212615F} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 11.01.2012 22:29:33 | Computer Name = Philipp-PC | Source = NetBT | ID = 4321
Description = Der Name "PHILIPP-PC     :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.102  registriert werden. Der Computer mit IP-Adresse 192.168.2.100
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.01.2012 22:29:33 | Computer Name = Philipp-PC | Source = NetBT | ID = 4321
Description = Der Name "PHILIPP-PC     :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.102  registriert werden. Der Computer mit IP-Adresse 192.168.2.100
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 12.01.2012 13:25:33 | Computer Name = Philipp-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?01.?2012 um 18:24:04 unerwartet heruntergefahren.
 
Error - 12.01.2012 13:27:24 | Computer Name = Philipp-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.01.2012 13:27:24 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 12.01.2012 13:27:24 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
__________________

Alt 12.01.2012, 19:14   #4
markusg
/// Malware-holic
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



hi
logs werden in zukunft bitte im forum angehangen
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [onsuu.exe] C:\Users\Philipp\AppData\Roaming\Ibruq\onsuu.exe ()
[2011.12.22 16:47:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5064
[2011.12.22 16:47:38 | 000,351,184 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Philipp\AppData\Roaming\AcroIEHelpe068.dll
[2011.12.21 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5063
[2011.12.20 15:07:34 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5062
[2011.12.19 15:29:39 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5061
[2011.12.17 02:26:46 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Local\QtN8MbDMHmZJnq
[2011.12.16 15:36:42 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5060
[2011.12.14 15:41:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\5059
[2011.11.22 22:19:08 | 000,244,688 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Philipp\AppData\Roaming\AcroIEHelpe.dll

 :Files
C:\Users\Philipp\AppData\Roaming\Ibruq
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         
• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.01.2012, 19:27   #5
elawolol
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



//////////////////////////


Alt 12.01.2012, 19:41   #6
markusg
/// Malware-holic
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



nö, das war nicht das was du hochladen solltest, noch mal lesen bitte
__________________
--> Trojaner - Onlinebanking gesperrt TR/bafi.A.X

Alt 12.01.2012, 19:44   #7
elawolol
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



//Oh man ich bin heute ein wenig verstrahlt, sorry - kommt sofort..
Jetzt aber! Danke für die Geduld

Ich lasse gerade noch einen Avira Scan laufen - habe mit den Funden aber noch nichts gemacht.
Da wird gerade auch noch einiges gefunden.. grml.. Logfile kommt dann gleich.


//Hat das Hochladen funktioniert?

Beginne mit der Suche in 'C:\Users\Philipp'
C:\Users\Philipp\AppData\Roaming\5047\components\AcroFF5.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5047\components\AcroFF6.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5047\components\AcroFF7.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5047\components\AcroFF8.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5048\components\AcroFF0485.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5048\components\AcroFF0486.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5048\components\AcroFF0487.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5048\components\AcroFF0488.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5049\components\AcroFF0495.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5049\components\AcroFF0496.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5049\components\AcroFF0497.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5049\components\AcroFF0498.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Agent.bvut
C:\Users\Philipp\AppData\Roaming\5050\components\AcroFF0505.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5050\components\AcroFF0506.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5050\components\AcroFF0507.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5050\components\AcroFF0508.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5051\components\AcroFF0510.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Croff.C
C:\Users\Philipp\AppData\Roaming\5051\components\AcroFF0515.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5051\components\AcroFF0516.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5051\components\AcroFF0517.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5051\components\AcroFF0518.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5052\components\AcroFF0520.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5052\components\AcroFF0525.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5052\components\AcroFF0526.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5052\components\AcroFF0527.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5052\components\AcroFF0528.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5053\components\AcroFF0530.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5053\components\AcroFF0535.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5053\components\AcroFF0536.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5053\components\AcroFF0537.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5053\components\AcroFF0538.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5054\components\AcroFF0540.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5054\components\AcroFF0545.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5054\components\AcroFF0546.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5054\components\AcroFF0547.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5054\components\AcroFF0548.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5055\components\AcroFF0550.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5055\components\AcroFF0555.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5055\components\AcroFF0556.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5055\components\AcroFF0557.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5055\components\AcroFF0558.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5056\components\AcroFF0560.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5056\components\AcroFF0565.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5056\components\AcroFF0566.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5056\components\AcroFF0567.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5056\components\AcroFF0568.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5058\components\AcroFF0580.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5058\components\AcroFF0585.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5058\components\AcroFF0586.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5058\components\AcroFF0587.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2
C:\Users\Philipp\AppData\Roaming\5058\components\AcroFF0588.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen2

Geändert von elawolol (12.01.2012 um 20:12 Uhr)

Alt 12.01.2012, 20:21   #8
markusg
/// Malware-holic
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



hi, danke erst mal für den upload. du hast die verschiedensten banker und zbot trojaner auf dem pc, dein system ist daher nicht mehr sicher.
wie du siehst ist solch ein unsicheres system nicht gut für den nutzer.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neuinstallieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.01.2012, 20:26   #9
elawolol
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



Okay danke.. Ich hab bloß keine externe Festplatte zur Datensicherung.
Würde es reichen nur die C: Partition zu formatieren oder muss ich alles plätten?

Alt 12.01.2012, 20:53   #10
markusg
/// Malware-holic
 
Trojaner - Onlinebanking gesperrt  TR/bafi.A.X - Standard

Trojaner - Onlinebanking gesperrt TR/bafi.A.X



die c partition reicht
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Trojaner - Onlinebanking gesperrt TR/bafi.A.X
.dll, appdata, avira antivir, bytes, datei, datensicherung, desktop, ebanking, formatieren, free, gesperrt, mas, modul, namen, nt.dll, onlinebanking, programm, prozesse, roaming, rundll, rundll32.exe, tab, temp, trojaner, trojaner gefunden, trojanische pferd, windows, windows 7



Ähnliche Themen: Trojaner - Onlinebanking gesperrt TR/bafi.A.X


  1. Onlinebanking wurde wegen Trojaner gesperrt
    Plagegeister aller Art und deren Bekämpfung - 08.02.2015 (18)
  2. Sparkasse Allgäu Trojaner - Onlinebanking gesperrt
    Plagegeister aller Art und deren Bekämpfung - 26.06.2014 (19)
  3. Windows 7: mitb Trojaner - Onlinebanking wurde von Bank gesperrt
    Log-Analyse und Auswertung - 04.06.2014 (1)
  4. Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll
    Log-Analyse und Auswertung - 04.06.2014 (11)
  5. Windows 7 - Onlinebanking durch Sparkasse gesperrt (Trojaner)
    Log-Analyse und Auswertung - 03.06.2014 (3)
  6. win7 firewall lässt sich nichtmehr aktivieren/onlinebanking gesperrt-vermutlich Trojaner
    Log-Analyse und Auswertung - 13.05.2014 (27)
  7. Onlinebanking-Trojaner Zeus2 / ZBot obwohl KEIN Onlinebanking genutzt wird
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (4)
  8. Trojaner auf dem Rechner und Onlinebanking gesperrt
    Plagegeister aller Art und deren Bekämpfung - 16.05.2013 (3)
  9. Onlinebanking gesperrt durch Trojaner - ESET Online Scan
    Log-Analyse und Auswertung - 04.12.2012 (3)
  10. OnlineBanking gesperrt....
    Log-Analyse und Auswertung - 06.03.2012 (18)
  11. Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM)
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (4)
  12. Onlinebanking wegen Trojaner gesperrt?
    Plagegeister aller Art und deren Bekämpfung - 24.09.2011 (13)
  13. Trojaner Gozi - Onlinebanking gesperrt
    Plagegeister aller Art und deren Bekämpfung - 19.02.2011 (13)
  14. Onlinebanking gesperrt wg. Trojaner - Hijackthis findet portwexexe.exe
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (30)
  15. Onlinebanking Zugang gesperrt! Angeblich: Trojaner GOZI!
    Plagegeister aller Art und deren Bekämpfung - 18.11.2010 (10)
  16. Trojaner eingefangen. Onlinebanking-Account gesperrt :(
    Log-Analyse und Auswertung - 03.11.2010 (23)
  17. onlinebanking gesperrt da anscheinend trojaner auf pc?
    Antiviren-, Firewall- und andere Schutzprogramme - 14.10.2010 (4)

Zum Thema Trojaner - Onlinebanking gesperrt TR/bafi.A.X - Hallo, Seit ein paar Tagen ist mein Onlinebanking gesperrt, weil sich jemand aus Asien auf meinen Account angemeldet habe. Das selbe bei meineM facebook Account. Avira hat einige Trojaner gefunden: - Trojaner - Onlinebanking gesperrt TR/bafi.A.X...
Archiv
Du betrachtest: Trojaner - Onlinebanking gesperrt TR/bafi.A.X auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.