
Pests of all kinds and how to combat them: Mediashifting.com with TR/Sirefef.J.637


14.01.2012, 13:33   #1
F0ggy
 

Mediashifting.com with TR/Sirefef.J.637



Hello everyone!

While searching for a solution to my malware finding, I came across this board. The following situation worries me:

Antivir Premium shows me the message "Malware found":
Code:
In der Datei 'C:\User\XXX\AppData\Local\46f8b494\U\80000000.@ wurde ein Virus oder unerwünschtes Programm 'TR/Sirefef.J.637' gefunden
         
Access was denied. However, clicking the "Remove" button does not help. A short time later the message appears again.

In addition, Firefox opens a new tab with the URL mediashifting.com at startup. The site itself seems to be blocked, since no content is loaded and only the standard Firefox error message appears.

I ran Defogger and OTL as described. Here are the logs:
OTL.txt:
Code:
OTL logfile created on: 14.01.2012 10:40:42 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Users\XXX\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,12% Memory free
5,99 Gb Paging File | 4,63 Gb Available in Paging File | 77,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 34,14 Gb Free Space | 34,14% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 65,31 Gb Free Space | 65,31% Space Free | Partition Type: NTFS
Drive E: | 415,75 Gb Total Space | 50,86 Gb Free Space | 12,23% Space Free | Partition Type: NTFS
Drive F: | 315,77 Gb Total Space | 213,96 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive S: | 465,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
 
Computer Name: XXX-WIN7 | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.14 10:27:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Users\XXX\Downloads\OTL.exe
PRC - [2012.01.03 11:58:36 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.10.19 16:03:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.19 16:02:32 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2011.03.09 05:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\cbService.exe
PRC - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.11.25 14:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\System\SpeedFan\speedfan.exe
PRC - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.08.05 13:11:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.08.05 13:10:58 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.14 10:08:03 | 000,192,512 | ---- | M] () -- C:\Users\XXX\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.01.14 10:08:02 | 000,172,032 | ---- | M] () -- C:\Users\XXX\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.01.11 20:39:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.11 20:39:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.26 17:51:11 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011.10.26 17:50:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011.10.26 17:50:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011.10.26 17:50:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011.10.26 17:45:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011.10.26 17:45:29 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011.10.26 17:45:17 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011.10.26 17:45:16 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011.10.26 17:45:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.26 17:45:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.26 17:44:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.26 17:44:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.26 17:44:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.26 17:44:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.26 17:44:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.03.08 23:24:12 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- C:\Windows\System32\mswsock.dll
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.05.31 15:49:20 | 015,096,320 | ---- | M] () -- C:\Program Files\Phase One\Capture One 5\WIC\ImgCoreDll.dll
MOD - [2010.05.31 15:49:18 | 000,701,440 | ---- | M] () -- C:\Program Files\Phase One\Capture One 5\WIC\OpenCoreDll.dll
MOD - [2009.07.14 09:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 09:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.03 11:58:36 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.12.22 19:28:31 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.24 12:44:40 | 007,237,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe -- (SamsungAllShare)
SRV - [2011.05.24 12:44:30 | 000,022,464 | ---- | M] (Samsung Electronics) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010.07.16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:14:41 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\System32\elnkupdateservice.dll -- (zpaction)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.08 14:46:13 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.27 02:25:56 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2011.10.27 02:25:56 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2011.10.27 02:25:56 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2011.10.27 02:25:56 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2011.10.19 16:03:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.09 22:28:10 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.09 05:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfyMP)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfy)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.20 09:39:44 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2010.11.19 10:38:05 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.13 18:20:22 | 000,050,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010.05.07 11:19:28 | 000,061,824 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCL01132.sys -- (SCL01132)
DRV - [2010.04.26 10:48:36 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010.04.18 21:06:43 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2010.04.07 09:51:20 | 000,171,240 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010.04.06 17:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 17:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 17:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010.03.18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 10:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.09.11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.09.11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.09.11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.09.11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.07.28 19:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.19 08:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009.06.19 08:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 08:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 10:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.12 15:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2007.09.17 15:30:34 | 000,117,120 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinTun.sys -- (PTDVB) Cinergy 1200 DVB-S Tuner (BDA)
DRV - [2007.09.17 15:30:34 | 000,062,976 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinCap.sys -- (Cap7146_DVB) Cinergy 1200 DVB-S Capture (BDA)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.30 20:03:36 | 000,205,312 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007.01.15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.28 09:18:46 | 000,337,216 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg121nd5.sys -- (wg121)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D DE F1 5A EC 9A CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.01.12 09:22:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 19:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 09:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.30 10:44:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.19 10:10:52 | 000,000,000 | ---D | M]
 
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.10 20:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.12.08 15:28:24 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.12.16 11:28:11 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.07.28 15:09:07 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.02.05 11:45:07 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.12.05 15:49:43 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.08.09 18:44:37 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.01.07 19:44:58 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.12.18 18:32:12 | 000,000,000 | ---D | M] (AllowClipboard Helper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\{cda6db95-6aab-414b-803c-40cf34f589b5}
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\ctrl-tab@design-noir.de
[2010.11.18 23:20:12 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.11 10:37:26 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.xxx\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.10.30 10:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\5853x5o4.default\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions\staged
[2010.07.24 11:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\toolbar@ask.com
[2011.11.22 22:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.08 19:40:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.24 11:21:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.01.08 19:40:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.08 19:40:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.08 19:40:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 19:40:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.30 10:31:38 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.01.08 19:40:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 19:40:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.10.25 20:36:27 | 000,000,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll (AD ON Multimedia Advertising GmbH)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Power Manager] C:\Program Files\Gembird\Power Manager\pm.exe (Gembird Europe B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Program Files\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [StrokeIt] C:\Program Files\System\StrokeIt\strokeit.exe ()
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010.05.23 17:39:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk = C:\Program Files\System\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\mswsock.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3305EA17-9DD5-466B-BBBB-F59126F609D7}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECBE26F-7263-4D95-808F-2A256DEA3283}: NameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\xxx\AppData\Local\46f8b494\X) -C:\Users\xxx\AppData\Local\46f8b494\X ()
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d170c19a-be42-11de-bf5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d170c19a-be42-11de-bf5b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled - 
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: zpaction - C:\Windows\System32\elnkupdateservice.dll (Iomega)
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.13 23:58:31 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.01.13 23:53:41 | 000,000,000 | -HSD | C] -- C:\Users\xxx\AppData\Local\46f8b494
[2012.01.13 13:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012.01.12 19:14:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\riotsGamesLogs
[2012.01.12 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\LolClient
[2012.01.12 15:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.01.12 15:13:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\PMB Files
[2012.01.12 15:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.01.12 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.01.11 19:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneEdit Dynamic Update Client
[2012.01.11 19:51:59 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZoneEdit Dynamic Update Client
[2012.01.11 19:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\zeDyn
[2012.01.10 23:39:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Wondershare PDF Converter
[2012.01.10 23:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012.01.10 23:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012.01.07 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\MediaMonkey
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft Robocopy GUI
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.01.05 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Eidos
[2012.01.05 15:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011.12.24 16:11:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\MAGIX_Music_Maker_17
[2011.12.24 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_17
[2011.12.24 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Memeo
[2011.12.24 11:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2011.12.24 11:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2011.12.24 11:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2011.12.15 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Nik Software
[2011.12.15 10:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nik Software
[2011.12.15 10:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2011.12.15 10:56:19 | 000,000,000 | ---D | C] -- C:\Windows\MSSecurityNS
[2011.12.15 10:56:19 | 000,000,000 | ---D | C] -- C:\Windows\MSSecurityNi
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.14 10:39:21 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.01.14 10:15:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.14 10:15:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.14 10:11:48 | 000,710,228 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.14 10:11:48 | 000,663,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.14 10:11:48 | 000,154,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.14 10:11:48 | 000,126,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.14 10:07:27 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.14 10:07:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.14 10:07:16 | 2415,206,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.13 13:19:33 | 000,069,120 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.13 11:58:37 | 000,001,264 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.12 15:44:38 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | M] () -- C:\Users\xxx\Documents\Default.rdp
[2011.12.25 18:05:49 | 000,491,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.24 16:10:19 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.14 10:39:21 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.01.13 23:55:14 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.12 15:44:38 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | C] () -- C:\Users\xxx\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,021 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Robocopy GUI.lnk
[2011.12.24 16:10:19 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
[2011.11.18 16:47:37 | 000,000,079 | ---- | C] () -- C:\Users\xxx\AppData\Local\CrystalDiskMark30.ini
[2011.10.31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.28 21:17:58 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.28 21:17:35 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.28 21:17:26 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.24 11:52:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.19 15:51:24 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.14 18:07:44 | 000,232,448 | ---- | C] () -- C:\Windows\System32\mswsock.dll
[2011.04.14 18:07:28 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2011.04.14 18:06:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.26 17:31:01 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.02.01 23:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.23 23:39:45 | 000,000,053 | ---- | C] () -- C:\Windows\Eraser.INI
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.11.06 16:04:11 | 000,000,395 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.05 11:40:30 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2010.08.07 17:33:29 | 000,000,093 | ---- | C] () -- C:\Users\xxx\AppData\Local\fusioncache.dat
[2010.08.05 21:32:31 | 000,000,000 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.08.04 18:14:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 12:37:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.12 12:37:55 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.07 16:28:58 | 000,001,099 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\ShiftN.ini
[2010.04.19 20:44:09 | 000,138,056 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\PnkBstrK.sys
[2010.04.19 20:43:48 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.04.18 20:42:50 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.06 17:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2010.04.03 11:20:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.02 12:37:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.27 17:24:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.05 11:52:53 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2010.01.30 14:54:38 | 000,007,600 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2010.01.28 19:44:10 | 000,069,120 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.28 19:39:23 | 000,001,264 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.26 21:15:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 09:47:43 | 000,710,228 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,154,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,491,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,663,428 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,126,378 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\.pknowledge
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\avidemux
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\conkeror.mozdev.org
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Crazysoft
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.14 10:35:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dexpot
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Langenscheidt
[2009.10.26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2010.05.12 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\lingDIALOG
[2011.01.07 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Local
[2012.01.12 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\LolClient
[2011.12.24 16:10:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2012.01.13 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MediaMonkey
[2011.12.24 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Memeo
[2011.07.17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag
[2010.07.16 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MusicBrainz
[2010.03.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MyPhoneExplorer
[2011.12.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nik Software
[2010.02.16 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++
[2011.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Oloneo
[2010.08.17 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC Suite
[2011.04.23 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\performous
[2011.05.25 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\proDAD
[2011.03.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PunkBuster
[2010.03.31 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\RidNacs
[2011.11.26 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2010.11.06 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft
[2012.01.14 10:08:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spamihilator
[2009.10.25 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TCB Networks
[2010.09.08 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer
[2011.11.26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Temp
[2010.02.07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TerraTec
[2010.04.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\The Creative Assembly
[2010.07.30 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thomas Lippert
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TomTom
[2011.06.09 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TrueCrypt
[2012.01.13 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TV-Browser
[2011.02.03 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\XMedia Recode
[2010.11.06 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zeon
[2011.11.20 14:05:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.06.17 12:15:34 | 000,000,000 | ---D | M] -- C:\!KillBox
[2011.07.17 09:08:04 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.04.24 11:33:29 | 000,000,000 | ---D | M] -- C:\ATI
[2010.01.21 20:34:18 | 000,000,000 | ---D | M] -- C:\Contenido
[2010.04.02 15:06:31 | 000,000,000 | ---D | M] -- C:\divx
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.21 14:19:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.03 15:22:42 | 000,000,000 | ---D | M] -- C:\eSupport
[2010.03.03 20:01:30 | 000,000,000 | ---D | M] -- C:\Intel
[2010.03.30 18:55:39 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.01.07 14:27:08 | 000,000,000 | ---D | M] -- C:\PCShareManagerUpload
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.12 15:12:53 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.01.13 13:35:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.21 14:19:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.21 14:19:38 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.14 10:43:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.26 22:49:47 | 000,000,000 | ---D | M] -- C:\Temp
[2010.03.25 13:24:27 | 000,000,000 | R--D | M] -- C:\Users
[2010.04.16 12:41:20 | 000,000,000 | ---D | M] -- C:\v71012T_20100412_x32
[2010.07.05 08:46:19 | 000,000,000 | ---D | M] -- C:\v71016T_20100628_x32
[2012.01.13 23:54:33 | 000,000,000 | ---D | M] -- C:\Windows
[2009.10.21 15:00:32 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-13 08:45:28
 
<           >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB3475$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
Extras.txt is attached.

It would be great if you could help me!
Best regards

14.01.2012, 17:12   #2
cosinus

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Scan for potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

15.01.2012, 16:53   #3
F0ggy
Hey,
thanks a lot for the reply!
The 1st scan with Malwarebytes found quite a few things. ESET crashed with a bluescreen after 6 hours, but it had already reported 9 findings by then. Repeated scans with Malwarebytes still find things. The Trojan alert from Antivir still appears, as does the Mediashifting tab.

1. Full scan:
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.14.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-WIN7 [Administrator]

14.01.2012 18:23:40
mbam-log-2012-01-14 (18-23-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1576932
Laufzeit: 7 Stunde(n), 26 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Windows\System32\elnkupdateservice.dll (Rootkit.0Access) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{28CF50DA-4A17-4442-BBF9-D916BFDE072C} (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{958EEF1C-FD1A-4CC9-AA50-76395822165F} (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{4E5531EE-C8AB-4FFD-81E0-CD345EB71164} (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CF50DA-4A17-4442-BBF9-D916BFDE072C} (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{28CF50DA-4A17-4442-BBF9-D916BFDE072C} (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CF50DA-4A17-4442-BBF9-D916BFDE072C} (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\***\AppData\Local\46f8b494\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 48
E:\Users\*** ***\Documents\Eigene Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Keine Aktion durchgeführt.
E:\Users\*** ***\Documents\Eigene Downloads\Setup\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Keine Aktion durchgeführt.
C:\Windows\System32\elnkupdateservice.dll (Rootkit.0Access) -> Löschen bei Neustart.
C:\ProgramData\PageshotsPro\pageshots_x86.dll (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\46f8b494\U\00000001.@ (Backdoor.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\46f8b494\U\000000c0.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\46f8b494\U\000000cb.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\46f8b494\U\000000cf.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\46f8b494\U\800000c0.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\46f8b494\U\800000cb.@ (Backdoor.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AXSZAP3\3[1].exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe (Spyware.Passwords.XGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.
D:\Program Files\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\*** ***\Documents\Eigene Downloads\Fun\Progs\fakedel.exe (PUP.Joke.RJLSoftware) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\*** ***\Documents\Eigene Downloads\Fun\Progs\avoid\avoid.exe (JokeApp.NotFunny) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\*** ***\Downloads\Lupo_PenSuite_v2011.04_Full\Apps\Extra\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\*** ***\Downloads\Lupo_PenSuite_v2011.04_Full\Apps\FDM Lite\dbghelp.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\*** ***\Downloads\Lupo_PenSuite_v2011.04_Full\Apps\FDM Lite\msvcp60.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\*** ***\Downloads\Lupo_PenSuite_v2011.04_Full\Apps\Notepad++\Notepad++.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\*** ***\Music\Alben\Staind\Staind - Shades of Grey\AlbumArtSmall.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-06-12 22;37;27\Lupo PenSuite v6.71 Full\Apps\CCleaner Portable\unicows.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-06-12 22;37;27\Lupo PenSuite v6.71 Full\Apps\Recuva Portable\unicows.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-11-18 20;00;52\Lupo_PenSuite_v2011.04_Full\Apps\Extra\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-11-18 20;00;52\Lupo_PenSuite_v2011.04_Full\Apps\FDM Lite\dbghelp.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-11-18 20;00;52\Lupo_PenSuite_v2011.04_Full\Apps\FDM Lite\msvcp60.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-11-18 20;00;52\Lupo_PenSuite_v2011.04_Full\Apps\Notepad++\Notepad++.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-12-23 20;01;00\Lupo_PenSuite_v2011.04_Full\Apps\Extra\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-12-23 20;01;00\Lupo_PenSuite_v2011.04_Full\Apps\FDM Lite\dbghelp.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-12-23 20;01;00\Lupo_PenSuite_v2011.04_Full\Apps\FDM Lite\msvcp60.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2011-12-23 20;01;00\Lupo_PenSuite_v2011.04_Full\Apps\Notepad++\Notepad++.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2012-01-06 20;01;50\Lupo_PenSuite_v2011.04_Full\Apps\Extra\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2012-01-06 20;01;50\Lupo_PenSuite_v2011.04_Full\Apps\FDM Lite\dbghelp.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2012-01-06 20;01;50\Lupo_PenSuite_v2011.04_Full\Apps\FDM Lite\msvcp60.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Downloads\Downloads 2012-01-06 20;01;50\Lupo_PenSuite_v2011.04_Full\Apps\Notepad++\Notepad++.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Musik\Music 2011-06-13 16;41;27\Alben\Staind\Staind - Shades of Grey\AlbumArtSmall.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Wichtiges\Documents 2011-12-24 12;07;17\Eigene Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Wichtiges\Documents 2011-12-24 12;07;17\Eigene Downloads\Fun\Progs\fakedel.exe (PUP.Joke.RJLSoftware) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Wichtiges\Documents 2011-12-24 12;07;17\Eigene Downloads\Fun\Progs\avoid\avoid.exe (JokeApp.NotFunny) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Wichtiges\Documents 2011-12-24 12;07;17\Eigene Downloads\Setup\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Wichtiges\Documents 2012-01-09 20;01;27\Eigene Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Wichtiges\Documents 2012-01-09 20;01;27\Eigene Downloads\Fun\Progs\fakedel.exe (PUP.Joke.RJLSoftware) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Wichtiges\Documents 2012-01-09 20;01;27\Eigene Downloads\Fun\Progs\avoid\avoid.exe (JokeApp.NotFunny) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\Backup\Wichtiges\Documents 2012-01-09 20;01;27\Eigene Downloads\Setup\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
2. Quick scan
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.15.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-WIN7 [Administrator]

15.01.2012 16:17:13
mbam-log-2012-01-15 (16-17-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201554
Laufzeit: 7 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\***\AppData\Local\46f8b494\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\System32\idsvc.dll (Rootkit.0Access) -> Löschen bei Neustart.

(Ende)
         
3. Quick scan (more again!)
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.15.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-WIN7 [Administrator]

15.01.2012 16:45:27
mbam-log-2012-01-15 (16-51-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201600
Laufzeit: 5 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Windows\System32\savrtpel.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\***\AppData\Local\46f8b494\X -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Windows\System32\savrtpel.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.

(Ende)
         
Doesn't look good, does it?
Best regards

15.01.2012, 18:29   #4
cosinus

Not really. You should consider whether a reinstall wouldn't be better after all.
Please try ESET again.
__________________
Please always post log files in CODE tags

16.01.2012, 11:32   #5
F0ggy

Yes, I'm toying with the idea of a reinstall.
Here is the log from the successful ESET run:
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d885aaa237b5840b9877d59b7327ada
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-16 10:26:13
# local_time=2012-01-16 11:26:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6739961 6739961 0 0
# compatibility_mode=5893 16776574 66 94 177072 78299928 0 0
# compatibility_mode=8192 67108863 100 0 56487 56487 0 0
# scanned=1336981
# found=20
# cleaned=0
# scan_time=40835
C:\Users\***\AppData\Local\46f8b494\X	Win32/Sirefef.DD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\46f8b494\U\00000001.@	a variant of Win32/Sirefef.CR trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\46f8b494\U\80000000.@	probably a variant of Win32/Sirefef.DV trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\46f8b494\U\800000c0.@	a variant of Win32/Sirefef.CH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\46f8b494\U\800000cb.@	a variant of Win32/Agent.TEO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\46f8b494\U\800000cf.@	probably a variant of Win32/Sirefef.DV trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\System32\drivers\netbt.sys	Win32/Sirefef.DA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys	Win32/Sirefef.DA trojan (unable to clean)	00000000000000000000000000000000	I
D:\Program Files\System\AntiTwin\eBay_Setup_shortcuts_1018.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
E:\Users\*** ***\Documents\Eigene Downloads\Fun\fallicon.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
E:\Users\*** ***\Downloads\Setup\2008-07-31\MyPhoneExplorer_Setup_1.6.7.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
E:\Users\*** ***\Downloads\WIN7 SETUP\icq_6.5_build_2024_banner_remover.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
S:\Backup\Downloads\Downloads 2011-06-12 22;37;27\Lupo PenSuite v6.71 Full\Apps\Extra\Registry\RegScanner\RegScanner.exe	probably a variant of Win32/Agent.LRVLLDB trojan (unable to clean)	00000000000000000000000000000000	I
S:\Backup\Downloads\Downloads 2011-06-12 22;37;27\Setup\2008-07-31\MyPhoneExplorer_Setup_1.6.7.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
S:\Backup\Downloads\Downloads 2011-06-12 22;37;27\WIN7 SETUP\icq_6.5_build_2024_banner_remover.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
S:\Backup\Downloads\Downloads 2011-12-23 20;01;00\Setup\2008-07-31\MyPhoneExplorer_Setup_1.6.7.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
S:\Backup\Downloads\Downloads 2011-12-23 20;01;00\WIN7 SETUP\icq_6.5_build_2024_banner_remover.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
S:\Backup\Wichtiges\Documents 2011-12-24 12;07;17\Eigene Downloads\Fun\fallicon.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
S:\Backup\Wichtiges\Documents 2012-01-09 20;01;27\Eigene Downloads\Fun\fallicon.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
${Memory}	multiple threats	00000000000000000000000000000000	I
         
Thanks for your efforts!


16.01.2012, 14:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________

16.01.2012, 16:49   #7
F0ggy

Here is a new OTL log

Code:
OTL logfile created on: 16.01.2012 16:18:00 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Users\*** ***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,58% Memory free
5,99 Gb Paging File | 4,42 Gb Available in Paging File | 73,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 32,30 Gb Free Space | 32,30% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 65,31 Gb Free Space | 65,31% Space Free | Partition Type: NTFS
Drive E: | 415,75 Gb Total Space | 50,85 Gb Free Space | 12,23% Space Free | Partition Type: NTFS
Drive F: | 315,77 Gb Total Space | 213,96 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive H: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive S: | 465,76 Gb Total Space | 73,48 Gb Free Space | 15,78% Space Free | Partition Type: NTFS
 
Computer Name: ***-WIN7 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.14 10:27:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Users\*** ***\Downloads\OTL.exe
PRC - [2012.01.03 11:58:36 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.11.08 13:27:50 | 001,421,312 | ---- | M] (Dexpot GbR) -- C:\Program Files\Dexpot\dexpot.exe
PRC - [2011.11.08 13:27:50 | 000,155,648 | ---- | M] (Dexpot GbR) -- C:\Program Files\Dexpot\plugins\dexcube.exe
PRC - [2011.10.19 16:03:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.19 16:02:32 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2011.03.09 05:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\cbService.exe
PRC - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.11.25 14:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\System\SpeedFan\speedfan.exe
PRC - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.08.05 13:11:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.08.05 13:10:58 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.15 20:46:20 | 000,192,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.01.15 20:46:20 | 000,172,032 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.01.11 20:39:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.11 20:39:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.26 17:51:11 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011.10.26 17:50:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011.10.26 17:50:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011.10.26 17:45:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011.10.26 17:45:29 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011.10.26 17:45:17 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011.10.26 17:45:16 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011.10.26 17:45:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.26 17:45:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.26 17:44:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.26 17:44:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.26 17:44:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.26 17:44:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.26 17:44:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.03.08 23:24:12 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.07.04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010.05.31 15:49:20 | 015,096,320 | ---- | M] () -- C:\Program Files\Phase One\Capture One 5\WIC\ImgCoreDll.dll
MOD - [2010.05.31 15:49:18 | 000,701,440 | ---- | M] () -- C:\Program Files\Phase One\Capture One 5\WIC\OpenCoreDll.dll
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.14 09:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 09:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
MOD - [2002.09.18 02:27:28 | 000,180,224 | ---- | M] () -- C:\Program Files\Exifer\ExiferShellExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (zpaction)
SRV - File not found [Auto | Stopped] --  -- (qserver)
SRV - File not found [Auto | Stopped] --  -- (nvatabus)
SRV - File not found [Auto | Stopped] --  -- (gmer)
SRV - [2012.01.03 11:58:36 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.12.22 19:28:31 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.24 12:44:40 | 007,237,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe -- (SamsungAllShare)
SRV - [2011.05.24 12:44:30 | 000,022,464 | ---- | M] (Samsung Electronics) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010.07.16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:14:41 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\System32\isdrv120.dll -- (nvidesm)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.08 14:46:13 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.27 02:25:56 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2011.10.27 02:25:56 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2011.10.27 02:25:56 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2011.10.27 02:25:56 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2011.10.19 16:03:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.09 22:28:10 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.09 05:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfyMP)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfy)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.20 09:39:44 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2010.11.19 10:38:05 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.13 18:20:22 | 000,050,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010.05.07 11:19:28 | 000,061,824 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCL01132.sys -- (SCL01132)
DRV - [2010.04.26 10:48:36 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010.04.18 21:06:43 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2010.04.07 09:51:20 | 000,171,240 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010.04.06 17:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 17:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 17:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010.03.18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 10:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.09.11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.09.11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.09.11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.09.11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.07.28 19:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.19 08:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009.06.19 08:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 08:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 10:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.12 15:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2007.09.17 15:30:34 | 000,117,120 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinTun.sys -- (PTDVB) Cinergy 1200 DVB-S Tuner (BDA)
DRV - [2007.09.17 15:30:34 | 000,062,976 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinCap.sys -- (Cap7146_DVB) Cinergy 1200 DVB-S Capture (BDA)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.30 20:03:36 | 000,205,312 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007.01.15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.28 09:18:46 | 000,337,216 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg121nd5.sys -- (wg121)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 DB 84 9F 5E D3 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.01.12 09:22:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 19:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 09:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.30 10:44:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.19 10:10:52 | 000,000,000 | ---D | M]
 
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.10 20:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.12.08 15:28:24 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.12.16 11:28:11 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.07.28 15:09:07 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.02.05 11:45:07 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.12.05 15:49:43 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.08.09 18:44:37 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.01.07 19:44:58 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.12.18 18:32:12 | 000,000,000 | ---D | M] (AllowClipboard Helper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{cda6db95-6aab-414b-803c-40cf34f589b5}
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\ctrl-tab@design-noir.de
[2010.11.18 23:20:12 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.11 10:37:26 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.10.30 10:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5853x5o4.default\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions\staged
[2010.07.24 11:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\toolbar@ask.com
[2011.11.22 22:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.08 19:40:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.24 11:21:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.01.08 19:40:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.08 19:40:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.08 19:40:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 19:40:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.30 10:31:38 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.01.08 19:40:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 19:40:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.10.25 20:36:27 | 000,000,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Power Manager] C:\Program Files\Gembird\Power Manager\pm.exe (Gembird Europe B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Program Files\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [StrokeIt] C:\Program Files\System\StrokeIt\strokeit.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010.05.23 17:39:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk = C:\Program Files\System\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3305EA17-9DD5-466B-BBBB-F59126F609D7}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECBE26F-7263-4D95-808F-2A256DEA3283}: NameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Local\46f8b494\X) -C:\Users\***\AppData\Local\46f8b494\X ()
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d170c19a-be42-11de-bf5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d170c19a-be42-11de-bf5b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: zpaction -  File not found
NetSvcs: qserver -  File not found
NetSvcs: nvidesm - C:\Windows\System32\isdrv120.dll (Iomega)
NetSvcs: gmer -  File not found
NetSvcs: nvatabus -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: prwntdrv - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - C:\Windows\System32\drivers\netbt.sys ()
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: prwntdrv - Reg Error: Value error.
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled - 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.15 09:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.14 15:21:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.01.14 15:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.14 15:21:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.14 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.14 15:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.13 23:58:31 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.01.13 23:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\46f8b494
[2012.01.13 13:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012.01.12 19:14:44 | 000,000,000 | ---D | C] -- C:\Users\***\riotsGamesLogs
[2012.01.12 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LolClient
[2012.01.12 15:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.01.12 15:13:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PMB Files
[2012.01.12 15:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.01.12 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.01.11 19:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneEdit Dynamic Update Client
[2012.01.10 23:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Wondershare PDF Converter
[2012.01.10 23:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012.01.10 23:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012.01.07 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft Robocopy GUI
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.01.05 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eidos
[2012.01.05 15:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011.12.24 16:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Music_Maker_17
[2011.12.24 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_17
[2011.12.24 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Memeo
[2011.12.24 11:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2011.12.24 11:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2011.12.24 11:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.15 20:54:07 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 20:54:07 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 20:45:54 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.15 20:45:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.15 20:45:43 | 2415,206,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.15 20:40:35 | 387,113,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.15 20:09:51 | 000,710,228 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.15 20:09:51 | 000,663,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.15 20:09:51 | 000,154,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.15 20:09:51 | 000,126,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.14 15:21:18 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.14 14:29:37 | 000,001,212 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.14 11:02:37 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\f61dpqf4.exe
[2012.01.14 10:39:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.13 13:19:33 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.12 15:44:38 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,061 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Robocopy GUI.lnk
[2012.01.05 18:20:52 | 000,000,206 | ---- | M] () -- C:\Users\***\Desktop\Portal.url
[2011.12.25 18:05:49 | 000,491,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.24 16:10:19 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.14 18:21:29 | 387,113,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.14 16:56:25 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\f61dpqf4.exe
[2012.01.14 15:21:18 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.14 10:39:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.13 23:55:14 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.12 15:44:38 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,061 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Robocopy GUI.lnk
[2012.01.06 17:53:19 | 000,003,021 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Robocopy GUI.lnk
[2012.01.05 18:20:52 | 000,000,206 | ---- | C] () -- C:\Users\***\Desktop\Portal.url
[2011.12.24 16:10:19 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
[2011.11.18 16:47:37 | 000,000,079 | ---- | C] () -- C:\Users\***\AppData\Local\CrystalDiskMark30.ini
[2011.10.31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.28 21:17:58 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.28 21:17:35 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.28 21:17:26 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.24 11:52:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.19 15:51:24 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.14 18:07:28 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2011.04.14 18:06:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.26 17:31:01 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.02.01 23:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.23 23:39:45 | 000,000,053 | ---- | C] () -- C:\Windows\Eraser.INI
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.11.06 16:04:11 | 000,000,395 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.05 11:40:30 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2010.08.07 17:33:29 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.08.05 21:32:31 | 000,000,000 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.08.04 18:14:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 12:37:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.12 12:37:55 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.07 16:28:58 | 000,001,099 | ---- | C] () -- C:\Users\***\AppData\Roaming\ShiftN.ini
[2010.04.19 20:44:09 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.19 20:43:48 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.04.18 20:42:50 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.06 17:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2010.04.03 11:20:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.02 12:37:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.27 17:24:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.05 11:52:53 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2010.01.30 14:54:38 | 000,007,600 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.01.28 19:44:10 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.28 19:39:23 | 000,001,212 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.26 21:15:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 09:47:43 | 000,710,228 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,154,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,491,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,663,428 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,126,378 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.pknowledge
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\conkeror.mozdev.org
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crazysoft
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.15 17:19:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dexpot
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt
[2009.10.26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.05.12 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingDIALOG
[2011.01.07 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2012.01.12 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2011.12.24 16:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.13 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2011.12.24 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2011.07.17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.16 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBrainz
[2010.03.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011.12.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2010.02.16 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oloneo
[2010.08.17 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.04.23 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\performous
[2011.05.25 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2011.03.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2010.03.31 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RidNacs
[2011.11.26 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.11.06 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2012.01.15 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2009.10.25 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.09.08 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.04.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.07.30 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thomas Lippert
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.06.09 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.13 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2011.02.03 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2010.11.06 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2011.11.20 14:05:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.pknowledge
[2011.04.19 10:11:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.05.03 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.04.24 11:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2011.10.29 23:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\conkeror.mozdev.org
[2010.01.28 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crazysoft
[2010.03.05 12:13:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Creative
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.15 17:19:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dexpot
[2010.03.31 17:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.07.18 17:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.10.21 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2009.10.21 17:02:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.04.17 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel Corporation
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt
[2009.10.26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.05.12 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingDIALOG
[2011.01.07 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2010.07.08 15:25:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2010.07.08 15:25:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2012.01.12 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.08.09 19:07:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.12.24 16:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.14 15:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.01.13 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2011.12.24 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2011.12.21 10:43:49 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.01.06 17:53:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Microsoft Robocopy GUI
[2009.10.26 21:15:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.07.17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.16 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBrainz
[2010.03.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010.03.29 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2011.12.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2010.02.16 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oloneo
[2010.08.17 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.04.23 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\performous
[2011.05.25 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2011.03.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2010.04.23 15:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2010.03.05 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reallusion
[2010.03.31 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RidNacs
[2011.11.26 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.11.06 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2011.10.30 17:54:46 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2012.01.15 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.07.27 19:46:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.05.25 14:04:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation
[2012.01.15 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2010.05.12 22:13:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sun
[2009.10.26 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Talkback
[2009.10.25 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.09.08 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.04.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.07.30 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thomas Lippert
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.06.09 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.13 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2011.02.15 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\U3
[2011.12.12 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.01.31 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.02.03 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2010.11.06 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.01.29 06:39:18 | 004,689,306 | ---- | M] (Phil Harvey) -- C:\Users\***\AppData\Roaming\GeoSetter\tools\exiftool.exe
[2010.07.06 13:34:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.01.06 17:53:19 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{107C666F-63C5-4263-8D40-8B9CFB5FED08}\_3995960CB1E9C3E7D1AB19.exe
[2012.01.06 17:53:19 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{107C666F-63C5-4263-8D40-8B9CFB5FED08}\_7D7DA06457C4EB49E1DD79.exe
[2010.09.05 13:17:19 | 000,003,584 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2009.11.08 18:23:32 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2010.09.19 21:37:35 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_3207B59E601B5F75D71B21.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_6FEFF9B68218417F98F549.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_93A0BD079836122C39D406.exe
[2010.07.09 10:35:22 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011.04.19 10:12:28 | 000,014,846 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}\FileOpenNew.exe
[2010.09.29 19:53:31 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.07.11 11:40:42 | 000,002,238 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{EAEFE468-1A5D-49A6-8286-D74C6261CE75}\_744700CFCD6A03D1A3FD79.exe
[2011.01.31 02:01:42 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011.04.23 13:51:25 | 000,188,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\FlashGot.exe
[2011.12.13 16:57:24 | 000,141,312 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2011.12.13 16:57:20 | 000,068,096 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
[2011.02.17 21:39:13 | 000,835,440 | R--- | M] () -- C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
[2011.12.04 16:15:39 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011.11.02 16:51:52 | 000,928,656 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.11.02 16:51:56 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.11.02 16:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.10.31 11:23:28 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.10.31 11:23:28 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.10.31 11:23:28 | 000,690,688 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.11.02 16:51:58 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.10.31 11:23:12 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.10.31 11:23:12 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.11.02 16:52:04 | 000,131,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.11.02 16:52:06 | 000,021,392 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.11.02 16:52:08 | 003,571,576 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.11.02 16:52:10 | 000,391,568 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.12.02 16:17:54 | 000,392,080 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\temp\cleanup.exe
         
Part 2 in the next post

Regards

16.01.2012, 16:50   #8
F0ggy
 
Code:
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.03.09 05:53:44 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB3475$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         

16.01.2012, 20:21   #9
cosinus

Quote:
(McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.10.19 16:03:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
That doesn't work. Uninstall either McAfee or AntiVir. Then create a new OTL log.
__________________
Please always post log files in CODE tags

17.01.2012, 12:03   #10
F0ggy

But that was "only" SiteAdvisor?! I uninstalled it and made a new log:

Code:
OTL logfile created on: 17.01.2012 11:46:34 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Users\*** ***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,91% Memory free
5,99 Gb Paging File | 4,86 Gb Available in Paging File | 81,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 35,25 Gb Free Space | 35,25% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 65,31 Gb Free Space | 65,31% Space Free | Partition Type: NTFS
Drive E: | 415,75 Gb Total Space | 50,85 Gb Free Space | 12,23% Space Free | Partition Type: NTFS
Drive F: | 315,77 Gb Total Space | 213,96 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive H: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive S: | 465,76 Gb Total Space | 73,48 Gb Free Space | 15,78% Space Free | Partition Type: NTFS
 
Computer Name: ***-WIN7 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.14 10:27:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Users\*** ***\Downloads\OTL.exe
PRC - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.10.19 16:03:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.19 16:02:32 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2011.03.09 05:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\cbService.exe
PRC - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.11.25 14:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\System\SpeedFan\speedfan.exe
PRC - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.08.05 13:11:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.08.05 13:10:58 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.17 11:16:06 | 000,192,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.01.17 11:15:58 | 000,172,032 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.01.11 20:39:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.11 20:39:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.26 17:50:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011.10.26 17:45:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.26 17:45:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.26 17:44:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.26 17:44:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.26 17:44:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.26 17:44:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.26 17:44:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 09:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (zpaction)
SRV - File not found [Auto | Stopped] --  -- (qserver)
SRV - File not found [Auto | Stopped] --  -- (nvatabus)
SRV - File not found [Auto | Stopped] --  -- (gmer)
SRV - File not found [Auto | Stopped] --  -- (0099241326796378mcinstcleanup) McAfee Application Installer Cleanup (0099241326796378)
SRV - [2011.12.22 19:28:31 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.24 12:44:40 | 007,237,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe -- (SamsungAllShare)
SRV - [2011.05.24 12:44:30 | 000,022,464 | ---- | M] (Samsung Electronics) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010.07.16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:14:41 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\System32\isdrv120.dll -- (nvidesm)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.08 14:46:13 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.27 02:25:56 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2011.10.27 02:25:56 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2011.10.27 02:25:56 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2011.10.27 02:25:56 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2011.10.19 16:03:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.09 22:28:10 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.09 05:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfyMP)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfy)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.19 10:38:05 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.13 18:20:22 | 000,050,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010.05.07 11:19:28 | 000,061,824 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCL01132.sys -- (SCL01132)
DRV - [2010.04.26 10:48:36 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010.04.18 21:06:43 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2010.04.07 09:51:20 | 000,171,240 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010.04.06 17:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 17:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 17:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010.03.18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 10:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.09.11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.09.11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.09.11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.09.11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.07.28 19:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.19 08:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009.06.19 08:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 08:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 10:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.12 15:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2007.09.17 15:30:34 | 000,117,120 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinTun.sys -- (PTDVB) Cinergy 1200 DVB-S Tuner (BDA)
DRV - [2007.09.17 15:30:34 | 000,062,976 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinCap.sys -- (Cap7146_DVB) Cinergy 1200 DVB-S Capture (BDA)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.30 20:03:36 | 000,205,312 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007.01.15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.28 09:18:46 | 000,337,216 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg121nd5.sys -- (wg121)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 DB 84 9F 5E D3 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 19:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 09:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.30 10:44:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.19 10:10:52 | 000,000,000 | ---D | M]
 
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.10 20:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.12.08 15:28:24 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.12.16 11:28:11 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.07.28 15:09:07 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.02.05 11:45:07 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.12.05 15:49:43 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.08.09 18:44:37 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.01.07 19:44:58 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.12.18 18:32:12 | 000,000,000 | ---D | M] (AllowClipboard Helper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{cda6db95-6aab-414b-803c-40cf34f589b5}
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\ctrl-tab@design-noir.de
[2010.11.18 23:20:12 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.11 10:37:26 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.10.30 10:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5853x5o4.default\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions\staged
[2010.07.24 11:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\toolbar@ask.com
[2011.11.22 22:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.08 19:40:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.24 11:21:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.01.08 19:40:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.08 19:40:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.08 19:40:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 19:40:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.30 10:31:38 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.01.08 19:40:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 19:40:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.10.25 20:36:27 | 000,000,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Power Manager] C:\Program Files\Gembird\Power Manager\pm.exe (Gembird Europe B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Program Files\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [StrokeIt] C:\Program Files\System\StrokeIt\strokeit.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010.05.23 17:39:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk = C:\Program Files\System\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3305EA17-9DD5-466B-BBBB-F59126F609D7}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECBE26F-7263-4D95-808F-2A256DEA3283}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Local\46f8b494\X) -C:\Users\***\AppData\Local\46f8b494\X ()
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d170c19a-be42-11de-bf5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d170c19a-be42-11de-bf5b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: zpaction -  File not found
NetSvcs: qserver -  File not found
NetSvcs: nvidesm - C:\Windows\System32\isdrv120.dll (Iomega)
NetSvcs: gmer -  File not found
NetSvcs: nvatabus -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: prwntdrv - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: prwntdrv - Reg Error: Value error.
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled - 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
         

17.01.2012, 12:04   #11
F0ggy
 
Continued:
Code:
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.15 09:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.14 15:21:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.01.14 15:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.14 15:21:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.14 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.14 15:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.13 23:58:31 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.01.13 23:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\46f8b494
[2012.01.13 13:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012.01.12 19:14:44 | 000,000,000 | ---D | C] -- C:\Users\***\riotsGamesLogs
[2012.01.12 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LolClient
[2012.01.12 15:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.01.12 15:13:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PMB Files
[2012.01.12 15:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.01.12 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.01.11 19:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneEdit Dynamic Update Client
[2012.01.10 23:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Wondershare PDF Converter
[2012.01.10 23:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012.01.10 23:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012.01.07 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft Robocopy GUI
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.01.05 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eidos
[2012.01.05 15:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011.12.24 16:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Music_Maker_17
[2011.12.24 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_17
[2011.12.24 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Memeo
[2011.12.24 11:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2011.12.24 11:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2011.12.24 11:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.17 11:32:54 | 000,000,000 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2012.01.17 11:24:28 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 11:24:28 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 11:14:43 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.17 11:14:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 11:14:16 | 2415,206,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.15 20:40:35 | 387,113,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.15 20:09:51 | 000,710,228 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.15 20:09:51 | 000,663,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.15 20:09:51 | 000,154,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.15 20:09:51 | 000,126,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.14 15:21:18 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.14 14:29:37 | 000,001,212 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.14 11:02:37 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\f61dpqf4.exe
[2012.01.14 10:39:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.13 13:19:33 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.12 15:44:38 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,061 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Robocopy GUI.lnk
[2012.01.05 18:20:52 | 000,000,206 | ---- | M] () -- C:\Users\***\Desktop\Portal.url
[2011.12.25 18:05:49 | 000,491,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.24 16:10:19 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.17 11:32:54 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2012.01.14 18:21:29 | 387,113,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.14 16:56:25 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\f61dpqf4.exe
[2012.01.14 15:21:18 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.14 10:39:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.13 23:55:14 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.12 15:44:38 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,061 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Robocopy GUI.lnk
[2012.01.06 17:53:19 | 000,003,021 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Robocopy GUI.lnk
[2012.01.05 18:20:52 | 000,000,206 | ---- | C] () -- C:\Users\***\Desktop\Portal.url
[2011.12.24 16:10:19 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
[2011.11.18 16:47:37 | 000,000,079 | ---- | C] () -- C:\Users\***\AppData\Local\CrystalDiskMark30.ini
[2011.10.31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.28 21:17:58 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.28 21:17:35 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.28 21:17:26 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.24 11:52:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.19 15:51:24 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.14 18:06:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.26 17:31:01 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.02.01 23:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.23 23:39:45 | 000,000,053 | ---- | C] () -- C:\Windows\Eraser.INI
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.11.06 16:04:11 | 000,000,395 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.05 11:40:30 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2010.08.07 17:33:29 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.08.05 21:32:31 | 000,000,000 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.08.04 18:14:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 12:37:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.12 12:37:55 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.07 16:28:58 | 000,001,099 | ---- | C] () -- C:\Users\***\AppData\Roaming\ShiftN.ini
[2010.04.19 20:44:09 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.19 20:43:48 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.04.18 20:42:50 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.06 17:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2010.04.03 11:20:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.02 12:37:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.27 17:24:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.05 11:52:53 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2010.01.30 14:54:38 | 000,007,600 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.01.28 19:44:10 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.28 19:39:23 | 000,001,212 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.26 21:15:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 09:47:43 | 000,710,228 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,154,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,491,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,663,428 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,126,378 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.pknowledge
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\conkeror.mozdev.org
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crazysoft
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.17 11:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dexpot
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt
[2009.10.26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.05.12 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingDIALOG
[2011.01.07 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2012.01.12 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2011.12.24 16:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.13 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2011.12.24 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2011.07.17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.16 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBrainz
[2010.03.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011.12.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2010.02.16 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oloneo
[2010.08.17 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.04.23 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\performous
[2011.05.25 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2011.03.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2010.03.31 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RidNacs
[2011.11.26 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.11.06 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2012.01.17 11:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2009.10.25 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.09.08 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.04.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.07.30 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thomas Lippert
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.06.09 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.13 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2011.02.03 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2010.11.06 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2011.11.20 14:05:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.pknowledge
[2011.04.19 10:11:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.05.03 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.04.24 11:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2011.10.29 23:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\conkeror.mozdev.org
[2010.01.28 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crazysoft
[2010.03.05 12:13:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Creative
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.17 11:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dexpot
[2010.03.31 17:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.07.18 17:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.10.21 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2009.10.21 17:02:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.04.17 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel Corporation
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt
[2009.10.26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.05.12 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingDIALOG
[2011.01.07 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2010.07.08 15:25:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2010.07.08 15:25:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2012.01.12 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.08.09 19:07:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.12.24 16:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.14 15:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.01.13 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2011.12.24 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2011.12.21 10:43:49 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.01.06 17:53:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Microsoft Robocopy GUI
[2009.10.26 21:15:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.07.17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.16 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBrainz
[2010.03.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010.03.29 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2011.12.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2010.02.16 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oloneo
[2010.08.17 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.04.23 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\performous
[2011.05.25 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2011.03.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2010.04.23 15:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2010.03.05 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reallusion
[2010.03.31 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RidNacs
[2011.11.26 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.11.06 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2011.10.30 17:54:46 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2012.01.17 11:33:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.07.27 19:46:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.05.25 14:04:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation
[2012.01.17 11:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2010.05.12 22:13:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sun
[2009.10.26 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Talkback
[2009.10.25 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.09.08 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.04.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.07.30 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thomas Lippert
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.06.09 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.13 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2011.02.15 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\U3
[2011.12.12 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.01.31 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.02.03 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2010.11.06 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.01.29 06:39:18 | 004,689,306 | ---- | M] (Phil Harvey) -- C:\Users\***\AppData\Roaming\GeoSetter\tools\exiftool.exe
[2010.07.06 13:34:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.01.06 17:53:19 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{107C666F-63C5-4263-8D40-8B9CFB5FED08}\_3995960CB1E9C3E7D1AB19.exe
[2012.01.06 17:53:19 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{107C666F-63C5-4263-8D40-8B9CFB5FED08}\_7D7DA06457C4EB49E1DD79.exe
[2010.09.05 13:17:19 | 000,003,584 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2009.11.08 18:23:32 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2010.09.19 21:37:35 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_3207B59E601B5F75D71B21.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_6FEFF9B68218417F98F549.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_93A0BD079836122C39D406.exe
[2010.07.09 10:35:22 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011.04.19 10:12:28 | 000,014,846 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}\FileOpenNew.exe
[2010.09.29 19:53:31 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.07.11 11:40:42 | 000,002,238 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{EAEFE468-1A5D-49A6-8286-D74C6261CE75}\_744700CFCD6A03D1A3FD79.exe
[2011.01.31 02:01:42 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011.04.23 13:51:25 | 000,188,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\FlashGot.exe
[2011.12.13 16:57:24 | 000,141,312 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2011.12.13 16:57:20 | 000,068,096 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
[2011.02.17 21:39:13 | 000,835,440 | R--- | M] () -- C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
[2011.12.04 16:15:39 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011.11.02 16:51:52 | 000,928,656 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.11.02 16:51:56 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.11.02 16:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.10.31 11:23:28 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.10.31 11:23:28 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.10.31 11:23:28 | 000,690,688 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.11.02 16:51:58 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.10.31 11:23:12 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.10.31 11:23:12 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.11.02 16:52:04 | 000,131,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.11.02 16:52:06 | 000,021,392 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.11.02 16:52:08 | 003,571,576 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.11.02 16:52:10 | 000,391,568 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.12.02 16:17:54 | 000,392,080 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\temp\cleanup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB3475$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         

17.01.2012, 13:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hm, that looked like another virus scanner. It's better this way anyway, because I don't think much of this SiteAdvisor stuff. You can't sensibly solve the basic problem with malware by using more and more virus scanners anyway (for the cleanup, though, the purely manual scanners MBAM/SASW and ESET do help us).

Quote:
SRV - File not found [Auto | Stopped] -- -- (0099241326796378mcinstcleanup) McAfee Application Installer Cleanup (0099241326796378)
Are you quite sure you restarted Windows after uninstalling McAfee? Because I don't quite believe that yet.
__________________
Please always post log files in CODE tags

17.01.2012, 14:06   #13
F0ggy
 

That can't be.

Code:
OTL logfile created on: 17.01.2012 13:50:14 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Users\*** ***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,83% Memory free
5,99 Gb Paging File | 4,72 Gb Available in Paging File | 78,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 35,19 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 65,31 Gb Free Space | 65,31% Space Free | Partition Type: NTFS
Drive E: | 415,75 Gb Total Space | 50,85 Gb Free Space | 12,23% Space Free | Partition Type: NTFS
Drive F: | 315,77 Gb Total Space | 213,96 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive H: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive S: | 465,76 Gb Total Space | 73,48 Gb Free Space | 15,78% Space Free | Partition Type: NTFS
 
Computer Name: ***-WIN7 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.14 10:27:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Users\*** ***\Downloads\OTL.exe
PRC - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.10.19 16:03:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.19 16:02:32 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2011.03.09 05:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\cbService.exe
PRC - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.11.25 14:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\System\SpeedFan\speedfan.exe
PRC - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.08.05 13:11:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.08.05 13:10:58 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.17 13:46:52 | 000,192,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.01.17 13:46:52 | 000,172,032 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.01.11 20:39:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.11 20:39:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.26 17:51:11 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011.10.26 17:50:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011.10.26 17:50:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011.10.26 17:45:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011.10.26 17:45:29 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011.10.26 17:45:17 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011.10.26 17:45:16 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011.10.26 17:45:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.26 17:45:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.26 17:44:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.26 17:44:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.26 17:44:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.26 17:44:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.26 17:44:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.03.08 23:24:12 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- C:\Windows\System32\mswsock.dll
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 09:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 09:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (zpaction)
SRV - File not found [Auto | Stopped] --  -- (qserver)
SRV - File not found [Auto | Stopped] --  -- (nvatabus)
SRV - File not found [Auto | Stopped] --  -- (gmer)
SRV - [2011.12.22 19:28:31 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.24 12:44:40 | 007,237,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe -- (SamsungAllShare)
SRV - [2011.05.24 12:44:30 | 000,022,464 | ---- | M] (Samsung Electronics) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010.07.16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:14:41 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\System32\isdrv120.dll -- (nvidesm)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.08 14:46:13 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.27 02:25:56 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2011.10.27 02:25:56 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2011.10.27 02:25:56 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2011.10.27 02:25:56 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2011.10.19 16:03:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.09 22:28:10 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.09 05:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfyMP)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfy)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.19 10:38:05 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.13 18:20:22 | 000,050,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010.05.07 11:19:28 | 000,061,824 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCL01132.sys -- (SCL01132)
DRV - [2010.04.26 10:48:36 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010.04.18 21:06:43 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2010.04.07 09:51:20 | 000,171,240 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010.04.06 17:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 17:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 17:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010.03.18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 10:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.09.11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.09.11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.09.11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.09.11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.07.28 19:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.19 08:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009.06.19 08:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 08:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 10:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.12 15:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2007.09.17 15:30:34 | 000,117,120 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinTun.sys -- (PTDVB) Cinergy 1200 DVB-S Tuner (BDA)
DRV - [2007.09.17 15:30:34 | 000,062,976 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinCap.sys -- (Cap7146_DVB) Cinergy 1200 DVB-S Capture (BDA)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.30 20:03:36 | 000,205,312 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007.01.15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.28 09:18:46 | 000,337,216 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg121nd5.sys -- (wg121)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 DB 84 9F 5E D3 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 19:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 09:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.30 10:44:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.19 10:10:52 | 000,000,000 | ---D | M]
 
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.10 20:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.12.08 15:28:24 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.12.16 11:28:11 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.07.28 15:09:07 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.02.05 11:45:07 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.12.05 15:49:43 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.08.09 18:44:37 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.01.07 19:44:58 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.12.18 18:32:12 | 000,000,000 | ---D | M] (AllowClipboard Helper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{cda6db95-6aab-414b-803c-40cf34f589b5}
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\ctrl-tab@design-noir.de
[2010.11.18 23:20:12 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.11 10:37:26 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.10.30 10:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5853x5o4.default\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions\staged
[2010.07.24 11:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\toolbar@ask.com
[2011.11.22 22:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.08 19:40:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.24 11:21:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.01.08 19:40:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.08 19:40:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.08 19:40:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 19:40:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.30 10:31:38 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.01.08 19:40:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 19:40:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.10.25 20:36:27 | 000,000,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Power Manager] C:\Program Files\Gembird\Power Manager\pm.exe (Gembird Europe B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Program Files\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [StrokeIt] C:\Program Files\System\StrokeIt\strokeit.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010.05.23 17:39:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk = C:\Program Files\System\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\mswsock.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3305EA17-9DD5-466B-BBBB-F59126F609D7}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECBE26F-7263-4D95-808F-2A256DEA3283}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Local\46f8b494\X) -C:\Users\***\AppData\Local\46f8b494\X ()
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d170c19a-be42-11de-bf5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d170c19a-be42-11de-bf5b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: zpaction -  File not found
NetSvcs: qserver -  File not found
NetSvcs: nvidesm - C:\Windows\System32\isdrv120.dll (Iomega)
NetSvcs: gmer -  File not found
NetSvcs: nvatabus -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: prwntdrv - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - Service
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: prwntdrv - Reg Error: Value error.
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled - 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
         

17.01.2012, 14:07   #14
F0ggy
 

Continuation:
Code:
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.15 09:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.14 15:21:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.01.14 15:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.14 15:21:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.14 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.14 15:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.13 23:58:31 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.01.13 23:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\46f8b494
[2012.01.13 13:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012.01.12 19:14:44 | 000,000,000 | ---D | C] -- C:\Users\***\riotsGamesLogs
[2012.01.12 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LolClient
[2012.01.12 15:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.01.12 15:13:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PMB Files
[2012.01.12 15:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.01.12 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.01.11 19:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneEdit Dynamic Update Client
[2012.01.10 23:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Wondershare PDF Converter
[2012.01.10 23:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012.01.10 23:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012.01.07 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft Robocopy GUI
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.01.05 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eidos
[2012.01.05 15:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011.12.24 16:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Music_Maker_17
[2011.12.24 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_17
[2011.12.24 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Memeo
[2011.12.24 11:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2011.12.24 11:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2011.12.24 11:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.17 13:46:53 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.17 13:46:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 13:45:53 | 2415,206,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 11:24:28 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 11:24:28 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 20:40:35 | 387,113,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.15 20:09:51 | 000,710,228 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.15 20:09:51 | 000,663,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.15 20:09:51 | 000,154,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.15 20:09:51 | 000,126,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.14 15:21:18 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.14 14:29:37 | 000,001,212 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.14 11:02:37 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\f61dpqf4.exe
[2012.01.14 10:39:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.13 13:19:33 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.12 15:44:38 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,061 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Robocopy GUI.lnk
[2012.01.05 18:20:52 | 000,000,206 | ---- | M] () -- C:\Users\***\Desktop\Portal.url
[2011.12.25 18:05:49 | 000,491,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.24 16:10:19 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.14 18:21:29 | 387,113,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.14 16:56:25 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\f61dpqf4.exe
[2012.01.14 15:21:18 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.14 10:39:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.13 23:55:14 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.12 15:44:38 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,061 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Robocopy GUI.lnk
[2012.01.06 17:53:19 | 000,003,021 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Robocopy GUI.lnk
[2012.01.05 18:20:52 | 000,000,206 | ---- | C] () -- C:\Users\***\Desktop\Portal.url
[2011.12.24 16:10:19 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
[2011.11.18 16:47:37 | 000,000,079 | ---- | C] () -- C:\Users\***\AppData\Local\CrystalDiskMark30.ini
[2011.10.31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.28 21:17:58 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.28 21:17:35 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.28 21:17:26 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.24 11:52:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.19 15:51:24 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.14 18:07:44 | 000,232,448 | ---- | C] () -- C:\Windows\System32\mswsock.dll
[2011.04.14 18:06:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.26 17:31:01 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.02.01 23:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.23 23:39:45 | 000,000,053 | ---- | C] () -- C:\Windows\Eraser.INI
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.11.06 16:04:11 | 000,000,395 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.05 11:40:30 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2010.08.07 17:33:29 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.08.05 21:32:31 | 000,000,000 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.08.04 18:14:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 12:37:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.12 12:37:55 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.07 16:28:58 | 000,001,099 | ---- | C] () -- C:\Users\***\AppData\Roaming\ShiftN.ini
[2010.04.19 20:44:09 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.19 20:43:48 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.04.18 20:42:50 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.06 17:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2010.04.03 11:20:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.02 12:37:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.27 17:24:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.05 11:52:53 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2010.01.30 14:54:38 | 000,007,600 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.01.28 19:44:10 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.28 19:39:23 | 000,001,212 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.26 21:15:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 09:47:43 | 000,710,228 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,154,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,491,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,663,428 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,126,378 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.pknowledge
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\conkeror.mozdev.org
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crazysoft
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.17 13:49:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dexpot
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt
[2009.10.26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.05.12 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingDIALOG
[2011.01.07 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2012.01.12 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2011.12.24 16:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.13 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2011.12.24 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2011.07.17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.16 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBrainz
[2010.03.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011.12.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2010.02.16 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oloneo
[2010.08.17 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.04.23 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\performous
[2011.05.25 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2011.03.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2010.03.31 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RidNacs
[2011.11.26 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.11.06 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2012.01.17 13:46:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2009.10.25 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.09.08 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.04.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.07.30 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thomas Lippert
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.06.09 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.13 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2011.02.03 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2010.11.06 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2011.11.20 14:05:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.pknowledge
[2011.04.19 10:11:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.05.03 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.04.24 11:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2011.10.29 23:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\conkeror.mozdev.org
[2010.01.28 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crazysoft
[2010.03.05 12:13:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Creative
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.17 13:49:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dexpot
[2010.03.31 17:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.07.18 17:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.10.21 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2009.10.21 17:02:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.04.17 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel Corporation
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt
[2009.10.26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.05.12 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingDIALOG
[2011.01.07 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2010.07.08 15:25:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2010.07.08 15:25:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2012.01.12 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.08.09 19:07:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.12.24 16:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.14 15:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.01.13 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2011.12.24 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2011.12.21 10:43:49 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.01.06 17:53:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Microsoft Robocopy GUI
[2009.10.26 21:15:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.07.17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.16 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBrainz
[2010.03.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010.03.29 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2011.12.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2010.02.16 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oloneo
[2010.08.17 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.04.23 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\performous
[2011.05.25 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2011.03.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2010.04.23 15:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2010.03.05 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reallusion
[2010.03.31 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RidNacs
[2011.11.26 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.11.06 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2011.10.30 17:54:46 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2012.01.17 13:50:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.07.27 19:46:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.05.25 14:04:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation
[2012.01.17 13:46:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2010.05.12 22:13:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sun
[2009.10.26 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Talkback
[2009.10.25 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.09.08 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.04.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.07.30 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thomas Lippert
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.06.09 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.13 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2011.02.15 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\U3
[2011.12.12 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.01.31 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.02.03 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2010.11.06 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.01.29 06:39:18 | 004,689,306 | ---- | M] (Phil Harvey) -- C:\Users\***\AppData\Roaming\GeoSetter\tools\exiftool.exe
[2010.07.06 13:34:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.01.06 17:53:19 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{107C666F-63C5-4263-8D40-8B9CFB5FED08}\_3995960CB1E9C3E7D1AB19.exe
[2012.01.06 17:53:19 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{107C666F-63C5-4263-8D40-8B9CFB5FED08}\_7D7DA06457C4EB49E1DD79.exe
[2010.09.05 13:17:19 | 000,003,584 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2009.11.08 18:23:32 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2010.09.19 21:37:35 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_3207B59E601B5F75D71B21.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_6FEFF9B68218417F98F549.exe
[2010.02.17 00:13:35 | 000,284,147 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_93A0BD079836122C39D406.exe
[2010.07.09 10:35:22 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011.04.19 10:12:28 | 000,014,846 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}\FileOpenNew.exe
[2010.09.29 19:53:31 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.07.11 11:40:42 | 000,002,238 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{EAEFE468-1A5D-49A6-8286-D74C6261CE75}\_744700CFCD6A03D1A3FD79.exe
[2011.01.31 02:01:42 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011.04.23 13:51:25 | 000,188,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\FlashGot.exe
[2011.12.13 16:57:24 | 000,141,312 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2011.12.13 16:57:20 | 000,068,096 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
[2011.02.17 21:39:13 | 000,835,440 | R--- | M] () -- C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
[2011.12.04 16:15:39 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011.11.02 16:51:52 | 000,928,656 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.11.02 16:51:56 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.11.02 16:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.10.31 11:23:28 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.10.31 11:23:28 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.10.31 11:23:28 | 000,690,688 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.11.02 16:51:58 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.10.31 11:23:12 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.10.31 11:23:12 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.11.02 16:52:04 | 000,131,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.11.02 16:52:06 | 000,021,392 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.11.02 16:52:08 | 003,571,576 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.11.02 16:52:10 | 000,391,568 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.12.02 16:17:54 | 000,392,080 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\temp\cleanup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.03.09 05:53:44 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB3475$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         

17.01.2012, 14:53   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

ZeroAccess is obviously on the system.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags
