Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Viren selbst löschen, ohne neu Installation?

Viren selbst löschen, ohne neu Installation?


Plagegeister aller Art und deren Bekämpfung: Viren selbst löschen, ohne neu Installation?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 4 1 2 34
Alt 10.10.2012, 14:09   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Bitte einen Kontrollscan mit dem adwCleaner machen:
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 14:37   #17
Kudoka
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Nochmal das selbe?

Die Logdatei:

Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 10/10/2012 um 15:37:22 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : steffi - STEFFI-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\steffi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\steffi\AppData\Roaming\Mozilla\Firefox\Profiles\dqxh7hlm.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Toni.steffi-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jvvk4s8h.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.29] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Gefunden [l.32] : keyword = "isearch.avg.com",
Gefunden [l.35] : search_url = "hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}",

Datei : C:\Users\Toni.steffi-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]
Gefunden [l.1490] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gefunden [l.1931] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [58517 octets] - [09/10/2012 16:26:43]
AdwCleaner[R2].txt - [58578 octets] - [09/10/2012 17:28:29]
AdwCleaner[S1].txt - [53590 octets] - [09/10/2012 17:28:48]
AdwCleaner[R3].txt - [6699 octets] - [09/10/2012 17:35:29]
AdwCleaner[S2].txt - [7498 octets] - [09/10/2012 18:05:04]
AdwCleaner[S3].txt - [7074 octets] - [09/10/2012 22:58:46]
AdwCleaner[R4].txt - [2350 octets] - [10/10/2012 15:37:22]

########## EOF - C:\AdwCleaner[R4].txt - [2410 octets] ##########
__________________
Alt 10.10.2012, 15:23   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Nein aber da ist immer noch was drin oder schon wieder

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)
__________________
__________________
Alt 10.10.2012, 15:31   #19
Kudoka
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Das neue Log

Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 10/10/2012 um 16:27:43 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : steffi - STEFFI-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\steffi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\steffi\AppData\Roaming\Mozilla\Firefox\Profiles\dqxh7hlm.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Toni.steffi-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jvvk4s8h.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.29] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Gelöscht [l.32] : keyword = "isearch.avg.com",
Gelöscht [l.35] : search_url = "hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}",

Datei : C:\Users\Toni.steffi-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]
Gelöscht [l.1490] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.1931] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [58517 octets] - [09/10/2012 16:26:43]
AdwCleaner[R2].txt - [58578 octets] - [09/10/2012 17:28:29]
AdwCleaner[S1].txt - [53590 octets] - [09/10/2012 17:28:48]
AdwCleaner[R3].txt - [6699 octets] - [09/10/2012 17:35:29]
AdwCleaner[S2].txt - [7498 octets] - [09/10/2012 18:05:04]
AdwCleaner[S3].txt - [7074 octets] - [09/10/2012 22:58:46]
AdwCleaner[R4].txt - [2479 octets] - [10/10/2012 15:37:22]
AdwCleaner[S4].txt - [2412 octets] - [10/10/2012 16:27:43]

########## EOF - C:\AdwCleaner[S4].txt - [2472 octets] ##########

Alt 10.10.2012, 15:42   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 15:48   #21
Kudoka
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Zitat:
Zitat von cosinus Beitrag anzeigen
Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
1.) Tatsächlich, es funktioniert

2.) Nein, alles da

EDIT:

Rechner fährt hoch, aber er ist sehr langsam... oftmals kommt (Keine Rückmeldung)

Alt 10.10.2012, 15:54   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 15:57   #23
Kudoka
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Bevor ich dies mache, würde ich gern fragen, ob ich dies auch im Abgesicherten Modus machen kann?
Der Rechner hängt schon wieder
(Hängt sich nicht komplett auf, aber es kommt immer (Keine Rückmeldung)

Alt 10.10.2012, 16:31   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Ja mach es im abgesicherten Modus mit Netzwerktreibern
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 17:13   #25
Kudoka
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Haben sich direkt nach dem Scan 2 Textdokumente geöffnet.
Kann sie nur leider nicht posten da sie über 15.000 Zeichen große sind :/

Habe es auch schon enzelnd versucht...

Code:
ATTFilter
OTL logfile created on: 10.10.2012 17:41:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\steffi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,27 Gb Available Physical Memory | 81,77% Memory free
7,78 Gb Paging File | 7,19 Gb Available in Paging File | 92,41% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 316,95 Gb Free Space | 69,13% Space Free | Partition Type: NTFS
Drive D: | 458,36 Gb Total Space | 435,95 Gb Free Space | 95,11% Space Free | Partition Type: NTFS
 
Computer Name: STEFFI-PC | User Name: steffi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 17:39:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.10.03 11:38:46 | 000,908,800 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 19:29:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 17:45:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.06 21:35:21 | 000,419,624 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.07 10:13:24 | 000,235,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.10.22 15:18:54 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.03 18:04:33 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2009.11.16 18:33:38 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.09 15:41:27 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.09 15:41:27 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.04.30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009.04.09 13:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008.10.03 12:30:42 | 004,766,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.04.28 11:02:40 | 000,055,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.03.04 23:39:22 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.03.04 23:39:22 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.03.04 23:39:20 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2006.10.04 12:45:16 | 000,015,656 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m5641
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m5641
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20121005&user_guid=2B3D7D2912C94F4CA55A4EB5BC69E6F9&machine_id=1c328ee4814ba59e782a381e88a3d99c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{2560439D-506D-440A-9BD7-7274A8BC3F83}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{449E2B9E-8CDC-49FB-9FA8-C985E2466B28}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{51EFFCC8-61E7-4F82-B2A8-FD407206DD64}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{A328C9FD-C6C9-4357-8A54-838AADD0855E}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{E8C68D8B-50DB-45E5-9E06-A9351B54682E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F334A448-2DA9-4FE2-9F31-C936A073821A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F9B4B5FE-9EA3-43F2-8C4C-1B65E3685D35}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.5.20111209014555
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.3
FF - prefs.js..extensions.enabledAddons: crossriderapp498@crossrider.com:0.76.37
FF - prefs.js..extensions.enabledAddons: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.9.0.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@Facemoods.com:1.4.1
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5190
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:3.1.0.1630
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1840
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=de_DE&apn_uid=6371CA51-8EDD-4E6C-9BC0-9F343C807888&apn_ptnrs=Q6&apn_sauid=31A23868-0BFC-4A90-9B33-50027775E436&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer:  File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\steffi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.07 15:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.05 05:59:55 | 000,000,000 | ---D | M]
 
[2012.03.12 19:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Extensions
[2009.11.15 20:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.10.10 13:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Firefox\Profiles\dqxh7hlm.default\extensions
[2012.06.06 17:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.26 19:39:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.11 12:53:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.09.10 21:01:08 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files (x86)\mozilla firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
[2012.07.18 17:45:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.04 21:03:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.12.17 19:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2009.10.26 17:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\steffi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: ICQ Sparberater = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.671_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\RunOnce: [Report] C:\AdwCleaner[S4].txt ()
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk = C:\Program Files (x86)\DeskSpace\deskspace.exe (Otaku Software Pty Ltd)
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB39830-1911-45D8-83E2-795119A08CEF}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA40AB2-C23D-4F2C-8C16-5477E99BC32E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35d09530-bfe8-11df-806d-0024210f4e62}\Shell - "" = AutoRun
O33 - MountPoints2\{35d09530-bfe8-11df-806d-0024210f4e62}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35d0955c-bfe8-11df-806d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{964a39fd-ce12-11df-b4e5-00a0c6000000}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{c2ea522a-5055-11de-8290-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2ea522a-5055-11de-8290-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ASETRES.EXE -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^steffi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^steffi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Acer Empowering Technology Monitor - hkey= - key= - C:\Acer\Empowering Technology\SysMonitor.exe ()
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Advanced System Protector_startup - hkey= - key= - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: AVG_TRAY - hkey= - key= - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig:64bit - StartUpReg: BabylonToolbar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
MsConfig:64bit - StartUpReg: dcmsvc - hkey= - key= - C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: EPSON SX110 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFBE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\steffi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Guard.Mail.ru.gui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: InboxToolbar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NVRaidService - hkey= - key= - C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
MsConfig:64bit - StartUpReg: NvSvc - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig:64bit - StartUpReg: PCMMediaSharing - hkey= - key= - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
MsConfig:64bit - StartUpReg: PCPowerSpeed - hkey= - key= - C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
MsConfig:64bit - StartUpReg: PCSpeedUp - hkey= - key= - C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ROC_ROC_NT - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: vProt - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WindowsWelcomeCenter - hkey= - key= -  File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1FDBD6E0-7797-D354-5251-32691B77CF32} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {46710DA1-22E5-477D-F7C0-D4D6690A81FF} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 17:39:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
[2012.10.10 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\steffi\Desktop\Neuer Ordner (2)
[2012.10.10 15:36:32 | 000,000,000 | ---D | C] -- C:\Users\steffi\Desktop\Neuer Ordner
[2012.10.10 13:16:37 | 000,000,000 | ---D | C] -- C:\Users\steffi\Documents\Simply Super Software
[2012.10.08 23:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.08 23:41:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\steffi\Desktop\esetsmartinstaller_enu (1).exe
[2012.10.08 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Roaming\Malwarebytes
[2012.10.08 01:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.10.08 01:09:07 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\SysWow64\ztv7z.dll
[2012.10.08 01:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.10.08 01:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.10.07 22:19:28 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Local\Systweak
[2012.10.07 21:41:08 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Roaming\Systweak
[2012.10.07 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.07 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 20:53:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.07 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.07 20:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012.10.07 20:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012.10.07 20:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2012.10.07 20:17:41 | 000,017,080 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.10.07 20:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.10.07 20:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012.10.07 19:57:55 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.07 19:57:55 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.07 19:57:55 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.07 19:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.07 19:57:54 | 000,000,000 | ---D | C] -- C:\Avira
[2012.10.07 19:33:09 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.10.07 03:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012.10.07 02:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012.10.05 14:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.10.05 14:26:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.10.05 14:25:17 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.10.05 14:25:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.10.05 14:25:13 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.10.05 14:25:13 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.10.05 14:25:13 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.10.05 14:25:10 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.10.05 14:25:10 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.10.05 14:25:10 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.10.05 14:25:09 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.10.05 14:25:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.10.05 14:25:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.10.05 14:25:03 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.10.05 14:25:03 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.10.05 14:25:02 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.10.05 14:25:02 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.10.05 14:25:00 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.10.05 14:24:59 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.10.05 14:24:58 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.10.05 14:24:58 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.10.05 14:24:57 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.10.05 14:24:56 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.10.05 14:24:56 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.10.05 14:24:55 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.10.05 14:24:54 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.10.05 14:24:54 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.10.05 14:24:53 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.10.05 14:24:53 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.10.05 14:24:53 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.10.05 14:24:41 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.10.05 14:24:40 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.10.05 14:24:40 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.10.05 14:24:40 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.10.05 14:24:39 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.10.05 14:24:39 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.10.05 14:24:38 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.10.05 14:24:38 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.10.05 14:24:37 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.10.05 14:24:37 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.10.05 14:24:37 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.10.05 14:24:36 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.10.05 14:24:36 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.10.05 14:24:36 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.10.05 14:24:36 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.10.05 14:24:35 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.10.05 14:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.10.05 14:18:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.10.05 13:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2012.10.05 13:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.10.05 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.10.05 13:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.10.05 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.10.05 13:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.10.04 23:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.04 21:48:28 | 000,000,000 | ---D | C] -- C:\Herr der Ringe Online
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 17:39:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
[2012.10.10 17:39:34 | 000,048,924 | ---- | M] () -- C:\Users\steffi\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.10.10 17:37:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 16:55:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 16:55:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 16:48:36 | 000,000,853 | ---- | M] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
[2012.10.09 16:25:39 | 000,538,327 | ---- | M] () -- C:\Users\steffi\Desktop\adwcleaner.exe
[2012.10.08 23:41:56 | 002,322,184 | ---- | M] (ESET) -- C:\Users\steffi\Desktop\esetsmartinstaller_enu (1).exe
[2012.10.08 17:05:20 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 15:33:41 | 000,036,864 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2012.10.08 00:19:27 | 000,001,480 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.10.08 00:16:08 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\RegClean Pro.job
[2012.10.07 23:13:27 | 000,093,184 | ---- | M] () -- C:\Users\steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.07 20:18:31 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.10.07 20:17:40 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.10.07 19:12:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 17:39:20 | 000,385,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.07 17:36:53 | 000,011,543 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.10.04 21:29:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.04 16:22:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
[2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.09.21 12:05:36 | 000,017,080 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.10 17:39:34 | 000,048,924 | ---- | C] () -- C:\Users\steffi\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.10.09 16:25:37 | 000,538,327 | ---- | C] () -- C:\Users\steffi\Desktop\adwcleaner.exe
[2012.10.08 16:30:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 01:09:07 | 000,185,616 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll
[2012.10.08 01:09:07 | 000,169,744 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.10.08 01:09:07 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.10.08 01:09:07 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.10.08 01:09:07 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.10.07 20:42:09 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\RegClean Pro.job
[2012.10.07 20:30:04 | 000,001,480 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.10.07 20:18:31 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.10.07 20:18:30 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2012.10.07 20:17:40 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 17:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 17:38:51 | 000,385,064 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 14:25:03 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.10.05 13:34:21 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.10.04 21:29:46 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.04 11:13:28 | 000,000,853 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
[2012.09.25 15:31:45 | 000,001,077 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
[2012.09.05 16:50:30 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.08.27 20:56:42 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2012.08.27 20:56:41 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.08.27 20:56:41 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.28 15:23:56 | 000,027,520 | ---- | C] () -- C:\Users\steffi\AppData\Local\dt.dat
[2012.07.28 15:23:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.06.07 18:17:21 | 000,001,103 | ---- | C] () -- C:\Users\steffi\pics.lnk
[2012.05.17 08:09:55 | 000,000,552 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d8caps.dat
[2012.05.17 08:09:31 | 000,001,356 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d9caps.dat
[2012.05.17 08:08:08 | 000,000,732 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d9caps64.dat
[2012.04.21 13:28:57 | 000,022,528 | -H-- | C] () -- C:\Users\steffi\photothumb.db
[2012.04.21 12:41:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.04.21 12:41:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.04.21 12:40:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.04.13 11:59:21 | 000,270,093 | ---- | C] () -- C:\Users\steffi\oma herz11.jpg
[2012.04.13 11:58:40 | 000,264,609 | ---- | C] () -- C:\Users\steffi\oma herz.jpg
[2012.04.13 11:50:10 | 000,309,321 | ---- | C] () -- C:\Users\steffi\deika herz.jpg
[2012.04.13 11:32:41 | 000,171,175 | ---- | C] () -- C:\Users\steffi\toni herz.jpg
[2012.04.12 12:23:28 | 000,001,576 | ---- | C] () -- C:\Users\steffi\.recently-used.xbel
[2011.12.02 11:54:53 | 000,000,000 | ---- | C] () -- C:\Users\steffi\AppData\Local\{D1532B29-5D6C-4A65-BAB1-6C28BE6FAE54}
[2011.08.30 17:24:51 | 000,000,000 | ---- | C] () -- C:\Users\steffi\AppData\Local\{34E27691-0E84-4939-8086-6529212AF7AB}
[2011.07.12 00:04:20 | 000,032,479 | ---- | C] () -- C:\Users\steffi\ahja.rtf
[2011.01.13 12:51:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.20 15:29:24 | 000,009,728 | ---- | C] () -- C:\Users\steffi\schlecker.wps
[2010.12.20 14:19:44 | 000,004,138 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\wklnhst.dat
[2009.12.13 11:32:31 | 000,000,231 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\mb3settings.xml
[2009.12.13 11:32:23 | 000,131,200 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Tahoma_12.dds
[2009.12.13 11:32:23 | 000,004,096 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Tahoma_12.crd
[2009.09.05 12:56:35 | 000,000,094 | ---- | C] () -- C:\Users\steffi\AppData\Local\fusioncache.dat
[2009.06.26 22:16:40 | 000,093,184 | ---- | C] () -- C:\Users\steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Acer GameZone Console
[2011.11.15 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\LG Electronics
[2011.08.27 14:04:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Vodafone
[2010.08.28 00:07:56 | 000,000,000 | -HSD | M] -- C:\Users\steffi\AppData\Roaming\.#
[2012.05.27 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\.minecraft
[2012.07.19 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\4 Friends Games
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Acer GameZone Console
[2012.06.18 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AlawarEntertainment
[2011.11.22 02:43:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AnvSoft
[2012.07.02 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Artogon
[2012.07.07 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AVG2012
[2012.07.03 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Big Fish Games
[2011.03.15 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\BlamGames
[2012.07.02 08:21:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Blue Tea Games
[2012.07.18 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Boomzap
[2011.07.31 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Canneverbe Limited
[2011.01.11 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\cerasus.media
[2012.07.03 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ChaYoWo Games
[2009.11.17 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ClubCooee
[2011.11.25 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.01.18 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2011.05.22 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2012.02.18 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoft
[2012.02.18 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.22 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\EleFun Games
[2012.07.04 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enki Games
[2012.07.04 11:03:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enlightenus
[2012.07.02 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS G-Studio
[2012.06.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS Game Studios
[2009.06.27 13:00:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\eSobi
[2010.12.16 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Fighters
[2012.01.31 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Flood Light Games
[2009.06.27 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FloodLightGames
[2012.07.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Friday's games
[2012.06.22 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Frogwares
[2009.06.27 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Gaijin Ent
[2011.07.26 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\go
[2012.04.12 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\gtk-2.0
[2012.03.09 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ICQ Search
[2010.12.25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InterTrust
[2010.08.06 07:31:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\LG Electronics
[2009.09.14 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Little Games Company
[2012.06.22 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MA2
[2009.12.13 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Magic Academy
[2012.07.01 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mariaglorum
[2009.12.05 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Meridian93
[2011.01.21 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Merscom
[2012.01.31 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MyPlayCity
[2009.12.13 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mysteryville2
[2011.03.22 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Namco
[2010.10.18 10:18:30 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OCS
[2011.08.03 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OpenOffice.org
[2010.10.18 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Opera
[2012.06.20 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Orneon
[2012.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OtakuSoftware
[2012.10.04 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PCPowerSpeed
[2011.01.21 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Phantasmat_bf_ce1
[2011.12.05 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PhotoScape
[2011.01.19 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayFirst
[2010.12.15 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayPond
[2011.03.24 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\QB9
[2011.09.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Red Alert 3
[2012.10.08 00:12:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Systweak
[2010.12.20 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Template
[2011.03.15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TikisLab
[2012.07.19 09:10:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Top Evidence
[2011.09.23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TS3Client
[2012.04.13 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TuneUp Software
[2009.09.05 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Turbine
[2010.07.28 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vivox
[2010.09.14 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vodafone
[2009.06.27 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Wildlife Park 2
[2012.01.31 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\YoudaGames
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Zylom
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Acer GameZone Console
[2011.08.27 14:07:50 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Vodafone
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Acer GameZone Console
[2012.10.04 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\AVG2012
[2012.10.04 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\PCPowerSpeed
[2012.10.08 01:09:11 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Simply Super Software
[2012.10.07 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Systweak
[2011.12.01 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.28 00:07:56 | 000,000,000 | -HSD | M] -- C:\Users\steffi\AppData\Roaming\.#
[2012.05.27 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\.minecraft
[2012.07.19 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\4 Friends Games
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Acer GameZone Console
[2011.05.22 10:40:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Adobe
[2012.06.18 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AlawarEntertainment
[2011.11.22 02:43:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AnvSoft
[2011.09.19 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Apple Computer
[2012.07.02 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Artogon
[2009.06.26 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ATI
[2012.07.07 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AVG2012
[2012.07.03 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Big Fish Games
[2011.03.15 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\BlamGames
[2012.07.02 08:21:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Blue Tea Games
[2012.07.18 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Boomzap
[2011.07.31 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Canneverbe Limited
[2011.01.11 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\cerasus.media
[2012.07.03 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ChaYoWo Games
[2009.11.17 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ClubCooee
[2011.11.25 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009.08.11 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\CyberLink
[2011.01.18 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2011.05.22 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.01.11 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DivX
[2011.08.19 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\dvdcss
[2012.02.18 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoft
[2012.02.18 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.22 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\EleFun Games
[2012.07.04 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enki Games
[2012.07.04 11:03:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enlightenus
[2012.07.02 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS G-Studio
[2012.06.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS Game Studios
[2009.06.27 13:00:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\eSobi
[2010.12.16 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Fighters
[2010.09.14 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FLEXnet
[2012.01.31 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Flood Light Games
[2009.06.27 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FloodLightGames
[2012.07.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Friday's games
[2012.06.22 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Frogwares
[2009.06.27 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Gaijin Ent
[2011.07.26 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\go
[2009.08.18 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Google
[2012.04.12 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\gtk-2.0
[2012.03.09 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ICQ Search
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Identities
[2010.08.06 07:31:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InstallShield
[2010.12.25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InterTrust
[2010.08.06 07:31:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\LG Electronics
[2009.09.14 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Little Games Company
[2012.06.22 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MA2
[2009.06.26 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Macromedia
[2009.12.13 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Magic Academy
[2012.10.08 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Malwarebytes
[2012.07.01 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mariaglorum
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Media Center Programs
[2009.12.05 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Meridian93
[2011.01.21 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Merscom
[2012.08.28 08:32:40 | 000,000,000 | --SD | M] -- C:\Users\steffi\AppData\Roaming\Microsoft
[2009.11.15 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mozilla
[2012.01.31 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MyPlayCity
[2009.12.13 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mysteryville2
[2011.03.22 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Namco
[2010.10.18 10:18:30 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OCS
[2011.08.03 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OpenOffice.org
[2010.10.18 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Opera
[2012.06.20 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Orneon
[2012.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OtakuSoftware
[2012.10.04 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PCPowerSpeed
[2011.01.21 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Phantasmat_bf_ce1
[2011.12.05 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PhotoScape
[2011.01.19 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayFirst
[2010.12.15 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayPond
[2011.03.24 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\QB9
[2011.09.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Red Alert 3
[2009.06.28 13:11:01 | 000,000,000 | RH-D | M] -- C:\Users\steffi\AppData\Roaming\SecuROM
[2012.01.31 13:42:15 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Skype
[2011.05.29 10:16:34 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\skypePM
[2010.12.15 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\SunRay Games
[2012.10.08 00:12:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Systweak
[2009.09.20 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\teamspeak2
[2010.12.20 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Template
[2011.03.15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TikisLab
[2012.07.19 09:10:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Top Evidence
[2011.09.23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TS3Client
[2012.04.13 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TuneUp Software
[2009.09.05 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Turbine
[2010.07.28 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vivox
[2009.06.30 16:20:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\vlc
[2010.09.14 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vodafone
[2009.06.27 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Wildlife Park 2
[2011.04.25 14:41:17 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\WinRAR
[2012.01.31 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\YoudaGames
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2011.12.17 01:28:00 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\steffi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.03 12:12:22 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\steffi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.01.11 16:54:35 | 000,010,134 | R--- | M] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.10.22 15:18:54 | 000,106,496 | ---- | M] (OCS) -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.10.22 15:18:54 | 000,040,960 | ---- | M] () -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

Alt 10.10.2012, 17:17   #26
Kudoka
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Hier der Rest:

Code:
ATTFilter
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 17:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:42:03 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.16 20:02:48 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.08.30 01:12:14 | 000,000,450 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for steffi.job
[2011.11.10 23:12:05 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000Core.job
[2011.11.10 23:12:05 | 000,001,142 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
[2012.05.25 07:02:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.04 21:29:46 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.07 20:42:09 | 000,000,314 | ---- | C] () -- C:\Windows\Tasks\RegClean Pro.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:B6DD2C7E
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2A874675
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:12383CAE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D7D0B4AF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CCB49694
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6247E766
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:AABECEFB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E87AB4E3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2BFCDF84
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F2B5D9AD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F68CB1A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D6D084A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6499508E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C78DADEA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E2458802
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8B61305
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6FE17A89
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C86B29EB
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5E9B629B

< End of report >
Und das "Extras. Txt":

Code:
ATTFilter
OTL Extras logfile created on: 10.10.2012 17:41:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\steffi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,27 Gb Available Physical Memory | 81,77% Memory free
7,78 Gb Paging File | 7,19 Gb Available in Paging File | 92,41% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 316,95 Gb Free Space | 69,13% Space Free | Partition Type: NTFS
Drive D: | 458,36 Gb Total Space | 435,95 Gb Free Space | 95,11% Space Free | Partition Type: NTFS
 
Computer Name: STEFFI-PC | User Name: steffi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 2E FE 1B 55 B7 1F CD 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-611026035-4186560833-2948516132-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D93CA73-6A75-4DFF-813E-1A3F03A73C33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8CCC3CEA-485A-4249-AA01-A5392BB891D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{A96D047D-64C3-4819-B176-2AAEBB5EA81F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E049AD6F-9076-4D52-85D2-2EFCE2802AB4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07341D67-2198-441B-8B32-41B16F52360C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{088641C2-EAB6-4E71-ACDC-C49E2AF6F3C0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{11F3DB5D-DB0E-4A13-BCCA-57A59B32CEE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1B391E1B-9FC6-422A-9AA2-70B9288989BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold\stronghold.exe | 
"{1C9FB18B-967D-430C-B169-14D1D93C58E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{20A5EC57-B14E-4A59-99D2-871FA0B1B762}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{29405FEF-A534-44F3-B600-5C7530A47993}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2ADA9034-71E5-43B4-8B8F-4AD302B24152}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{2D235427-8B17-464A-8116-E7E0855E1D09}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{326D957E-D8C1-4134-B1D6-EB44C27D57F3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3844FCF8-0E5C-4337-B047-206E564349FD}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{3FED5378-F3EF-40A0-BCA7-D0D8F34904EC}" = dir=in | app=c:\users\steffi\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{4431F4D5-E8A8-459E-B790-C7554FEAAF23}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{45426A45-B040-4112-8C38-47CD57F8308B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{481A2C2D-8B07-4CDA-A086-9F9224ED1EC7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4E102C1A-53C4-40B6-A6DD-A13B8A4D55E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{50DE44B4-0A80-4196-95E3-D3E8A4291304}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5333F88A-77DF-4DCE-A29A-F73D802BE100}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{6634BDEB-1C77-4E9B-8AC6-5183CAE435F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | 
"{69A12DBD-BA5C-4937-BE06-2D39B0068672}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{71725025-0AA5-4AFD-AD83-C67DCB177A71}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{771AA88E-CE9F-4120-9ECE-D65711822699}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{7FC2D3ED-23DA-4C21-B0F4-4B5AA979AD2C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{851BB651-C5D9-4A68-B5F3-67141A967D05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold\stronghold.exe | 
"{86E0281D-9A12-48E3-AE14-41EAC4E604B9}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | 
"{8C3ED18B-38EC-46C7-8CED-8C958949537D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{9878175A-7CEA-4482-AEC4-7F3AC81AC1EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{A36F316E-3268-45AD-8C6C-A49F52F93664}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A7CDF499-DC4C-478E-BEE4-825B195CA79E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | 
"{B5FEC0A2-528F-4210-A6F1-78841CDA4009}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{B8EBB3CC-26E9-4729-99AC-90A006428F77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | 
"{BCA7F9C6-DD5B-4AC4-B428-6BF20BCB5B37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C1C9DFAD-C654-4798-9CBE-865F45090FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{CD00A303-1010-44A7-B958-7D9AD0ADEB65}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D193F247-7986-4D65-AEFB-9AAEA6C4C787}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D88B93B5-8182-479A-9F30-2D956ED50AD2}" = protocol=6 | dir=in | app=d:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{DAF7520A-2FE2-4B78-B771-3E9A0A3B0A18}" = protocol=17 | dir=in | app=d:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{DC649DC1-89C5-49EA-AE0E-DF7959EF63DA}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{DCA9F556-02B7-4969-8813-DA16D50A9CB2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E28E3DD6-2D87-4834-8845-F412200ACCB5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | 
"{E5244524-F8CE-4A02-8FCB-751AC1AB7B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{EBAE139E-7E48-47E0-9F40-B0B2902E9AE5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{EE9FBF25-BD57-463E-8FFB-35C11DBFE51B}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{F5A5CD4B-CD70-4B8A-9FA3-B557704E7195}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{F850312A-E579-4D70-98AA-9023B750BC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FBBFF49C-3EE6-4789-9524-147B25D13AAF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{9537E386-0E48-4F98-9C60-B397A1721BC1}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"UDP Query User{4747EFD6-762F-4329-B397-7BC5DA60FDB7}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C4E9AECF-A522-E656-9909-20269C9BDF73}" = ATI Catalyst Install Manager
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F41CB1E8-4F70-9F2F-1C8A-3D17156D451C}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation
"PDF Creator" = PDF Creator
"SearchAnonymizer" = SearchAnonymizer
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0017A998-81D6-3C60-37BA-CC0270227FE4}" = CCC Help Norwegian
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308138-2A97-6457-DEFD-A9DAA0A4BB6B}" = Catalyst Control Center Localization Spanish
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0AD63F91-AC37-E543-AB30-2E31F101C6FD}" = Skins
"{1294D937-4D0A-2481-0AE5-713E10803544}" = CCC Help Japanese
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18CBE018-1AA6-41EC-A345-090E9B41CCDB}" = Um die Welt in 80 Tagen
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1EFAA3FF-06D7-463A-0116-5AF5A9801BC3}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2C11389D-7D84-25A8-6511-EDAC3C894CDF}" = Catalyst Control Center Localization Norwegian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3474C36B-005C-5D61-3806-319C9F22B014}" = Catalyst Control Center Localization Finnish
"{3510C83C-0103-D6A6-42E2-2393D95E130A}" = Catalyst Control Center Graphics Full New
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{4020558F-6186-4A9B-BE59-B1D190D4E368}" = Wildlife Park 2 Platinum
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{465E6ED3-E9C8-0578-2EAF-14306B537947}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5506C4D6-B86C-841A-C8FB-C0A1778DE588}" = Catalyst Control Center Localization Danish
"{556A649F-72D2-4E41-A40C-794E0277AADB}" = System Requirements Lab CYRI
"{5903BD7F-67A1-3EB7-1E38-D8E916DA18C6}" = CCC Help Dutch
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64D7A8CF-A1C5-F905-437F-E71DB9C20318}" = CCC Help Spanish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{675F649A-1775-7D59-0724-906116A4FA41}" = Catalyst Control Center Localization Italian
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70080BD1-A2DE-E4B2-AB57-4C1A940BCC72}" = Catalyst Control Center Localization German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739941B6-3C0F-290A-0B76-08C7CEA6F0F3}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A0E37B-17DF-161A-7D5F-6CEB5B59D8C5}" = CCC Help French
"{895B75F0-0EDA-6CC3-03FA-18068BC27ED4}" = Catalyst Control Center Localization Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF9ED6F-4AAC-DF47-0B98-D77B44F8FE58}" = CCC Help English
"{9DB52C99-EC51-4173-93C5-298769170CB0}" = Audition
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.27
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B69991AB-BE6D-C759-B3BC-5D318753592E}" = CCC Help Swedish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3F677EC-AC3C-22AD-FF91-1FF1918CB182}" = Catalyst Control Center Localization Japanese
"{C885D139-5092-D20B-EC30-3FCAF3AC3EF2}" = CCC Help Danish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E0326792-4269-7E77-2CA0-FAE03F45A388}" = Catalyst Control Center Graphics Previews Vista
"{E0E21795-C479-927B-AE38-968CDBC932EF}" = ccc-core-static
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40096C5-F047-C5A9-7119-A4DFB0DE0775}" = Catalyst Control Center Localization French
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{ED854376-A148-5760-598B-EF3EFD647222}" = Catalyst Control Center Graphics Full Existing
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F704C8-0B59-A3B3-D69B-805D06629B08}" = CCC Help Italian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8C7A3FD-81B8-E9F1-7989-D138A7D59047}" = Catalyst Control Center Graphics Light
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD06CF26-F9DB-C201-B3B0-6155DAB99514}" = CCC Help German
"{FD3D5956-1F39-9DA1-5780-4749847B965A}" = CCC Help Finnish
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.0
"ArcaniA" = ArcaniA - Gothic 4
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Strokes - Die Suenden der Vaeter" = Dark Strokes: Die Sünden der Väter
"BFG-Haunted Manor - Die Koenigin des Todes" = Haunted Manor: Die Königin des Todes
"BFG-Living Legends - Die Eisrose" = Living Legends: Die Eisrose
"BFG-Otherworld - Fruehling der Schatten" = Otherworld: Frühling der Schatten
"BFG-Shiver - Poltergeist" = Shiver: Poltergeist
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"dcmsvc_is1" = dcmsvc 1.0
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"GamersFirst LIVE!" = GamersFirst LIVE!
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Imikimi Plugin" = Imikimi Plugin
"IncrediMail" = IncrediMail 2.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Jewel Quest II_is1" = Jewel Quest II
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office8.0" = Microsoft Office 97, Professional Edition
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Photographerbook_is1" = Photographerbook 3.0
"PhotoScape" = PhotoScape
"Pixum Fotobuch" = Pixum Fotobuch
"RegClean Pro_is1" = RegClean Pro
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"ShapeCollage" = Shape Collage
"Sprill" = Sprill
"Steam App 40950" = Stronghold
"Steam App 47400" = Stronghold 3
"Sudoku - Eastern wisdom_is1" = Sudoku - Eastern wisdom
"Trojan Remover_is1" = Trojan Remover 6.8.5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VLC media player 0.9.9
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio 4.2.16.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"DeskSpace" = DeskSpace 1.5.8.13 Trial
"FoxTab Music Converter" = FoxTab Music Converter
"Game Organizer" = EasyBits GO
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ ACEEventLog Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
 
< End of report >

Alt 10.10.2012, 20:39   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Code:
ATTFilter
DRV:64bit: - [2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
AVG und Avira sind beide installiert?! Sowas geht garnicht, bitte einen umgehend deinstallieren und danach wieder ein neues OTL-Log machen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 21:06   #28
Kudoka
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Das Neue Log:

Code:
ATTFilter
OTL logfile created on: 10.10.2012 21:48:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\steffi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 82,42% Memory free
7,78 Gb Paging File | 7,21 Gb Available in Paging File | 92,58% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 317,46 Gb Free Space | 69,24% Space Free | Partition Type: NTFS
Drive D: | 458,36 Gb Total Space | 435,95 Gb Free Space | 95,11% Space Free | Partition Type: NTFS
 
Computer Name: STEFFI-PC | User Name: steffi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 17:39:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.10.03 11:38:46 | 000,908,800 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 19:29:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 17:45:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.06 21:35:21 | 000,419,624 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.07 10:13:24 | 000,235,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.10.22 15:18:54 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.03 18:04:33 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2009.11.16 18:33:38 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.09 15:41:27 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.09 15:41:27 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.04.30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009.04.09 13:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008.10.03 12:30:42 | 004,766,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.04.28 11:02:40 | 000,055,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.03.04 23:39:22 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.03.04 23:39:22 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.03.04 23:39:20 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2006.10.04 12:45:16 | 000,015,656 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m5641
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m5641
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20121005&user_guid=2B3D7D2912C94F4CA55A4EB5BC69E6F9&machine_id=1c328ee4814ba59e782a381e88a3d99c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{2560439D-506D-440A-9BD7-7274A8BC3F83}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{449E2B9E-8CDC-49FB-9FA8-C985E2466B28}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{51EFFCC8-61E7-4F82-B2A8-FD407206DD64}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{A328C9FD-C6C9-4357-8A54-838AADD0855E}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{E8C68D8B-50DB-45E5-9E06-A9351B54682E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F334A448-2DA9-4FE2-9F31-C936A073821A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F9B4B5FE-9EA3-43F2-8C4C-1B65E3685D35}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.5.20111209014555
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.3
FF - prefs.js..extensions.enabledAddons: crossriderapp498@crossrider.com:0.76.37
FF - prefs.js..extensions.enabledAddons: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.9.0.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@Facemoods.com:1.4.1
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5190
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:3.1.0.1630
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1840
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=de_DE&apn_uid=6371CA51-8EDD-4E6C-9BC0-9F343C807888&apn_ptnrs=Q6&apn_sauid=31A23868-0BFC-4A90-9B33-50027775E436&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer:  File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\steffi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.07 15:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.05 05:59:55 | 000,000,000 | ---D | M]
 
[2012.03.12 19:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Extensions
[2009.11.15 20:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.10.10 13:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Firefox\Profiles\dqxh7hlm.default\extensions
[2012.06.06 17:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.26 19:39:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.11 12:53:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.09.10 21:01:08 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files (x86)\mozilla firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
[2012.07.18 17:45:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.04 21:03:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.12.17 19:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2009.10.26 17:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\steffi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: ICQ Sparberater = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.4.9_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\RunOnce: [Report] C:\AdwCleaner[S4].txt ()
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk = C:\Program Files (x86)\DeskSpace\deskspace.exe (Otaku Software Pty Ltd)
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB39830-1911-45D8-83E2-795119A08CEF}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA40AB2-C23D-4F2C-8C16-5477E99BC32E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35d09530-bfe8-11df-806d-0024210f4e62}\Shell - "" = AutoRun
O33 - MountPoints2\{35d09530-bfe8-11df-806d-0024210f4e62}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35d0955c-bfe8-11df-806d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{964a39fd-ce12-11df-b4e5-00a0c6000000}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{c2ea522a-5055-11de-8290-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2ea522a-5055-11de-8290-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ASETRES.EXE -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^steffi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^steffi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Acer Empowering Technology Monitor - hkey= - key= - C:\Acer\Empowering Technology\SysMonitor.exe ()
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Advanced System Protector_startup - hkey= - key= - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AVG_TRAY - hkey= - key= - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig:64bit - StartUpReg: BabylonToolbar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
MsConfig:64bit - StartUpReg: dcmsvc - hkey= - key= - C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: EPSON SX110 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFBE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\steffi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Guard.Mail.ru.gui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: InboxToolbar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NVRaidService - hkey= - key= - C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
MsConfig:64bit - StartUpReg: NvSvc - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig:64bit - StartUpReg: PCMMediaSharing - hkey= - key= - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
MsConfig:64bit - StartUpReg: PCPowerSpeed - hkey= - key= - C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
MsConfig:64bit - StartUpReg: PCSpeedUp - hkey= - key= - C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ROC_ROC_NT - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: vProt - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WindowsWelcomeCenter - hkey= - key= -  File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1FDBD6E0-7797-D354-5251-32691B77CF32} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {46710DA1-22E5-477D-F7C0-D4D6690A81FF} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 17:39:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
[2012.10.10 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\steffi\Desktop\Neuer Ordner (2)
[2012.10.10 15:36:32 | 000,000,000 | ---D | C] -- C:\Users\steffi\Desktop\Neuer Ordner
[2012.10.10 13:16:37 | 000,000,000 | ---D | C] -- C:\Users\steffi\Documents\Simply Super Software
[2012.10.08 23:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.08 23:41:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\steffi\Desktop\esetsmartinstaller_enu (1).exe
[2012.10.08 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Roaming\Malwarebytes
[2012.10.08 01:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.10.08 01:09:07 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\SysWow64\ztv7z.dll
[2012.10.08 01:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.10.08 01:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.10.07 22:19:28 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Local\Systweak
[2012.10.07 21:41:08 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Roaming\Systweak
[2012.10.07 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.07 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 20:53:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.07 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.07 20:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012.10.07 20:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012.10.07 20:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2012.10.07 20:17:41 | 000,017,080 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.10.07 20:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.10.07 20:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012.10.07 19:33:09 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.10.07 03:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012.10.07 02:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012.10.05 14:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.10.05 14:26:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.10.05 14:25:17 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.10.05 14:25:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.10.05 14:25:13 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.10.05 14:25:13 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.10.05 14:25:13 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.10.05 14:25:10 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.10.05 14:25:10 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.10.05 14:25:10 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.10.05 14:25:09 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.10.05 14:25:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.10.05 14:25:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.10.05 14:25:03 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.10.05 14:25:03 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.10.05 14:25:02 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.10.05 14:25:02 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.10.05 14:25:00 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.10.05 14:24:59 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.10.05 14:24:58 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.10.05 14:24:58 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.10.05 14:24:57 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.10.05 14:24:56 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.10.05 14:24:56 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.10.05 14:24:55 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.10.05 14:24:54 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.10.05 14:24:54 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.10.05 14:24:53 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.10.05 14:24:53 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.10.05 14:24:53 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.10.05 14:24:41 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.10.05 14:24:40 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.10.05 14:24:40 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.10.05 14:24:40 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.10.05 14:24:39 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.10.05 14:24:39 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.10.05 14:24:38 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.10.05 14:24:38 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.10.05 14:24:37 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.10.05 14:24:37 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.10.05 14:24:37 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.10.05 14:24:36 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.10.05 14:24:36 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.10.05 14:24:36 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.10.05 14:24:36 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.10.05 14:24:35 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.10.05 14:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.10.05 14:18:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.10.05 13:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2012.10.05 13:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.10.05 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.10.05 13:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.10.05 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.10.05 13:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.10.04 23:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.04 21:48:28 | 000,000,000 | ---D | C] -- C:\Herr der Ringe Online
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 21:45:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 17:39:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
[2012.10.10 17:39:34 | 000,048,924 | ---- | M] () -- C:\Users\steffi\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.10.10 16:55:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 16:55:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 16:48:36 | 000,000,853 | ---- | M] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
[2012.10.09 16:25:39 | 000,538,327 | ---- | M] () -- C:\Users\steffi\Desktop\adwcleaner.exe
[2012.10.08 23:41:56 | 002,322,184 | ---- | M] (ESET) -- C:\Users\steffi\Desktop\esetsmartinstaller_enu (1).exe
[2012.10.08 17:05:20 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 15:33:41 | 000,036,864 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2012.10.08 00:19:27 | 000,001,480 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.10.08 00:16:08 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\RegClean Pro.job
[2012.10.07 23:13:27 | 000,093,184 | ---- | M] () -- C:\Users\steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.07 20:18:31 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.10.07 20:17:40 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.10.07 19:12:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 17:39:20 | 000,385,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.07 17:36:53 | 000,011,543 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.10.04 21:29:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.04 16:22:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
[2012.09.21 12:05:36 | 000,017,080 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.10 17:39:34 | 000,048,924 | ---- | C] () -- C:\Users\steffi\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.10.09 16:25:37 | 000,538,327 | ---- | C] () -- C:\Users\steffi\Desktop\adwcleaner.exe
[2012.10.08 16:30:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 01:09:07 | 000,185,616 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll
[2012.10.08 01:09:07 | 000,169,744 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.10.08 01:09:07 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.10.08 01:09:07 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.10.08 01:09:07 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.10.07 20:42:09 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\RegClean Pro.job
[2012.10.07 20:30:04 | 000,001,480 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.10.07 20:18:31 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.10.07 20:18:30 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2012.10.07 20:17:40 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 17:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 17:38:51 | 000,385,064 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 14:25:03 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.10.05 13:34:21 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.10.04 21:29:46 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.04 11:13:28 | 000,000,853 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
[2012.09.25 15:31:45 | 000,001,077 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
[2012.09.05 16:50:30 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.08.27 20:56:42 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2012.08.27 20:56:41 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.08.27 20:56:41 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.28 15:23:56 | 000,027,520 | ---- | C] () -- C:\Users\steffi\AppData\Local\dt.dat
[2012.07.28 15:23:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.06.07 18:17:21 | 000,001,103 | ---- | C] () -- C:\Users\steffi\pics.lnk
[2012.05.17 08:09:55 | 000,000,552 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d8caps.dat
[2012.05.17 08:09:31 | 000,001,356 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d9caps.dat
[2012.05.17 08:08:08 | 000,000,732 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d9caps64.dat
[2012.04.21 13:28:57 | 000,022,528 | -H-- | C] () -- C:\Users\steffi\photothumb.db
[2012.04.21 12:41:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.04.21 12:41:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.04.21 12:40:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.04.13 11:59:21 | 000,270,093 | ---- | C] () -- C:\Users\steffi\oma herz11.jpg
[2012.04.13 11:58:40 | 000,264,609 | ---- | C] () -- C:\Users\steffi\oma herz.jpg
[2012.04.13 11:50:10 | 000,309,321 | ---- | C] () -- C:\Users\steffi\deika herz.jpg
[2012.04.13 11:32:41 | 000,171,175 | ---- | C] () -- C:\Users\steffi\toni herz.jpg
[2012.04.12 12:23:28 | 000,001,576 | ---- | C] () -- C:\Users\steffi\.recently-used.xbel
[2011.12.02 11:54:53 | 000,000,000 | ---- | C] () -- C:\Users\steffi\AppData\Local\{D1532B29-5D6C-4A65-BAB1-6C28BE6FAE54}
[2011.08.30 17:24:51 | 000,000,000 | ---- | C] () -- C:\Users\steffi\AppData\Local\{34E27691-0E84-4939-8086-6529212AF7AB}
[2011.07.12 00:04:20 | 000,032,479 | ---- | C] () -- C:\Users\steffi\ahja.rtf
[2011.01.13 12:51:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.20 15:29:24 | 000,009,728 | ---- | C] () -- C:\Users\steffi\schlecker.wps
[2010.12.20 14:19:44 | 000,004,138 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\wklnhst.dat
[2009.12.13 11:32:31 | 000,000,231 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\mb3settings.xml
[2009.12.13 11:32:23 | 000,131,200 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Tahoma_12.dds
[2009.12.13 11:32:23 | 000,004,096 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Tahoma_12.crd
[2009.09.05 12:56:35 | 000,000,094 | ---- | C] () -- C:\Users\steffi\AppData\Local\fusioncache.dat
[2009.06.26 22:16:40 | 000,093,184 | ---- | C] () -- C:\Users\steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========

Alt 10.10.2012, 21:07   #29
Kudoka
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Der Rest:
Code:
ATTFilter
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Acer GameZone Console
[2011.11.15 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\LG Electronics
[2011.08.27 14:04:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Vodafone
[2010.08.28 00:07:56 | 000,000,000 | -HSD | M] -- C:\Users\steffi\AppData\Roaming\.#
[2012.05.27 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\.minecraft
[2012.07.19 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\4 Friends Games
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Acer GameZone Console
[2012.06.18 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AlawarEntertainment
[2011.11.22 02:43:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AnvSoft
[2012.07.02 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Artogon
[2012.07.07 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AVG2012
[2012.07.03 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Big Fish Games
[2011.03.15 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\BlamGames
[2012.07.02 08:21:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Blue Tea Games
[2012.07.18 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Boomzap
[2011.07.31 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Canneverbe Limited
[2011.01.11 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\cerasus.media
[2012.07.03 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ChaYoWo Games
[2009.11.17 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ClubCooee
[2011.11.25 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.01.18 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2011.05.22 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2012.02.18 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoft
[2012.02.18 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.22 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\EleFun Games
[2012.07.04 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enki Games
[2012.07.04 11:03:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enlightenus
[2012.07.02 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS G-Studio
[2012.06.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS Game Studios
[2009.06.27 13:00:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\eSobi
[2010.12.16 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Fighters
[2012.01.31 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Flood Light Games
[2009.06.27 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FloodLightGames
[2012.07.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Friday's games
[2012.06.22 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Frogwares
[2009.06.27 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Gaijin Ent
[2011.07.26 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\go
[2012.04.12 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\gtk-2.0
[2012.03.09 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ICQ Search
[2010.12.25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InterTrust
[2010.08.06 07:31:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\LG Electronics
[2009.09.14 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Little Games Company
[2012.06.22 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MA2
[2009.12.13 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Magic Academy
[2012.07.01 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mariaglorum
[2009.12.05 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Meridian93
[2011.01.21 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Merscom
[2012.01.31 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MyPlayCity
[2009.12.13 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mysteryville2
[2011.03.22 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Namco
[2010.10.18 10:18:30 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OCS
[2011.08.03 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OpenOffice.org
[2010.10.18 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Opera
[2012.06.20 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Orneon
[2012.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OtakuSoftware
[2012.10.04 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PCPowerSpeed
[2011.01.21 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Phantasmat_bf_ce1
[2011.12.05 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PhotoScape
[2011.01.19 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayFirst
[2010.12.15 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayPond
[2011.03.24 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\QB9
[2011.09.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Red Alert 3
[2012.10.08 00:12:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Systweak
[2010.12.20 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Template
[2011.03.15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TikisLab
[2012.07.19 09:10:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Top Evidence
[2011.09.23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TS3Client
[2012.04.13 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TuneUp Software
[2009.09.05 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Turbine
[2010.07.28 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vivox
[2010.09.14 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vodafone
[2009.06.27 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Wildlife Park 2
[2012.01.31 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\YoudaGames
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Zylom
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Acer GameZone Console
[2011.08.27 14:07:50 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Vodafone
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Acer GameZone Console
[2012.10.04 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\AVG2012
[2012.10.04 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\PCPowerSpeed
[2012.10.08 01:09:11 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Simply Super Software
[2012.10.07 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Systweak
[2011.12.01 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.28 00:07:56 | 000,000,000 | -HSD | M] -- C:\Users\steffi\AppData\Roaming\.#
[2012.05.27 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\.minecraft
[2012.07.19 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\4 Friends Games
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Acer GameZone Console
[2011.05.22 10:40:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Adobe
[2012.06.18 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AlawarEntertainment
[2011.11.22 02:43:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AnvSoft
[2011.09.19 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Apple Computer
[2012.07.02 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Artogon
[2009.06.26 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ATI
[2012.07.07 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AVG2012
[2012.07.03 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Big Fish Games
[2011.03.15 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\BlamGames
[2012.07.02 08:21:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Blue Tea Games
[2012.07.18 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Boomzap
[2011.07.31 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Canneverbe Limited
[2011.01.11 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\cerasus.media
[2012.07.03 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ChaYoWo Games
[2009.11.17 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ClubCooee
[2011.11.25 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009.08.11 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\CyberLink
[2011.01.18 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2011.05.22 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.01.11 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DivX
[2011.08.19 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\dvdcss
[2012.02.18 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoft
[2012.02.18 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.22 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\EleFun Games
[2012.07.04 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enki Games
[2012.07.04 11:03:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enlightenus
[2012.07.02 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS G-Studio
[2012.06.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS Game Studios
[2009.06.27 13:00:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\eSobi
[2010.12.16 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Fighters
[2010.09.14 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FLEXnet
[2012.01.31 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Flood Light Games
[2009.06.27 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FloodLightGames
[2012.07.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Friday's games
[2012.06.22 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Frogwares
[2009.06.27 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Gaijin Ent
[2011.07.26 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\go
[2009.08.18 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Google
[2012.04.12 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\gtk-2.0
[2012.03.09 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ICQ Search
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Identities
[2010.08.06 07:31:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InstallShield
[2010.12.25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InterTrust
[2010.08.06 07:31:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\LG Electronics
[2009.09.14 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Little Games Company
[2012.06.22 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MA2
[2009.06.26 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Macromedia
[2009.12.13 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Magic Academy
[2012.10.08 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Malwarebytes
[2012.07.01 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mariaglorum
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Media Center Programs
[2009.12.05 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Meridian93
[2011.01.21 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Merscom
[2012.08.28 08:32:40 | 000,000,000 | --SD | M] -- C:\Users\steffi\AppData\Roaming\Microsoft
[2009.11.15 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mozilla
[2012.01.31 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MyPlayCity
[2009.12.13 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mysteryville2
[2011.03.22 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Namco
[2010.10.18 10:18:30 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OCS
[2011.08.03 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OpenOffice.org
[2010.10.18 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Opera
[2012.06.20 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Orneon
[2012.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OtakuSoftware
[2012.10.04 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PCPowerSpeed
[2011.01.21 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Phantasmat_bf_ce1
[2011.12.05 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PhotoScape
[2011.01.19 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayFirst
[2010.12.15 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayPond
[2011.03.24 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\QB9
[2011.09.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Red Alert 3
[2009.06.28 13:11:01 | 000,000,000 | RH-D | M] -- C:\Users\steffi\AppData\Roaming\SecuROM
[2012.01.31 13:42:15 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Skype
[2011.05.29 10:16:34 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\skypePM
[2010.12.15 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\SunRay Games
[2012.10.08 00:12:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Systweak
[2009.09.20 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\teamspeak2
[2010.12.20 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Template
[2011.03.15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TikisLab
[2012.07.19 09:10:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Top Evidence
[2011.09.23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TS3Client
[2012.04.13 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TuneUp Software
[2009.09.05 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Turbine
[2010.07.28 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vivox
[2009.06.30 16:20:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\vlc
[2010.09.14 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vodafone
[2009.06.27 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Wildlife Park 2
[2011.04.25 14:41:17 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\WinRAR
[2012.01.31 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\YoudaGames
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2011.12.17 01:28:00 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\steffi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.03 12:12:22 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\steffi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.01.11 16:54:35 | 000,010,134 | R--- | M] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.10.22 15:18:54 | 000,106,496 | ---- | M] (OCS) -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.10.22 15:18:54 | 000,040,960 | ---- | M] () -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 17:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:42:03 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.16 20:02:48 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.08.30 01:12:14 | 000,000,450 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for steffi.job
[2011.11.10 23:12:05 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000Core.job
[2011.11.10 23:12:05 | 000,001,142 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
[2012.05.25 07:02:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.04 21:29:46 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.07 20:42:09 | 000,000,314 | ---- | C] () -- C:\Windows\Tasks\RegClean Pro.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:B6DD2C7E
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2A874675
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:12383CAE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D7D0B4AF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CCB49694
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6247E766
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:AABECEFB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E87AB4E3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2BFCDF84
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F2B5D9AD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F68CB1A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D6D084A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6499508E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C78DADEA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E2458802
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8B61305
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6FE17A89
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C86B29EB
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5E9B629B

< End of report >
(Ohne Avira)

Alt 11.10.2012, 13:30   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Viren selbst löschen, ohne neu Installation? - Standard

Viren selbst löschen, ohne neu Installation?


Das gibt es doch nicht, da ist immer noch Toolbar- und Adwaremüll drin!

Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 4 1 2 34

Themen zu Viren selbst löschen, ohne neu Installation?
abgesicherten, adware.doubled, alten, buzus, forum, gelöscht, hallo zusammen, infizierte, installation, löschen, malware, modus, neu, quarantäne, rechner, sofort, versucht, viren, vista, vista home premium, windows, windows vista, zusammen


« Malware.packer | GVU-Trojaner - Entfernen oder Windows neu installieren? »

Ähnliche Themen: Viren selbst löschen, ohne neu Installation?


  1. E-Mails und E-Mail Ordner in Thunderbird löschen sich nach Neustart von selbst!
    Plagegeister aller Art und deren Bekämpfung - 07.11.2015 (11)
  2. WIN7: PUA/Installmonetizer installiert sich nach dem Löschen immer wieder selbst
    Log-Analyse und Auswertung - 25.07.2015 (12)
  3. Avast! meldet: infiziert von VAFPlayer [PUP], kann es aber nicht selbst löschen
    Log-Analyse und Auswertung - 12.01.2014 (9)
  4. Windows 7: PC von selbst und bisher einmalig ohne ersichtlichen Grund heruntergefahren
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (19)
  5. Windows 7: Komische Werbung bei Chrome und selbst öffnende Fenster nach Tune-Up Utilities Installation
    Plagegeister aller Art und deren Bekämpfung - 10.09.2013 (11)
  6. Windows update / net framework 4 installation / viren
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (26)
  7. Virus von externer Festplatte löschen ohne Bilder davon zu löschen
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  8. Trojaner/Viren löschen, OHNE Programm
    Plagegeister aller Art und deren Bekämpfung - 07.04.2011 (1)
  9. Festplatte löschen ohne CD Laufwerk?
    Antiviren-, Firewall- und andere Schutzprogramme - 05.04.2011 (3)
  10. Windows Löschen ohne Formatieren?
    Alles rund um Windows - 20.05.2010 (3)
  11. Internet Explorer öffnete sich von selbst, nach Löschen des IE immer noch probleme
    Log-Analyse und Auswertung - 07.05.2010 (1)
  12. Trojaner auf SD-Speicherkarte, wie löschen ohne PCs zu infizieren?
    Plagegeister aller Art und deren Bekämpfung - 10.02.2010 (4)
  13. XP löschen ohne Formatieren
    Alles rund um Windows - 14.10.2009 (9)
  14. Datei löschen scheitert, selbst im abgesicherten Modus!!
    Plagegeister aller Art und deren Bekämpfung - 08.10.2009 (4)
  15. Viren bekämpfen ohne Anti Viren Programm
    Plagegeister aller Art und deren Bekämpfung - 28.11.2007 (22)
  16. Trojaner löschen, ohne die Datei zu verlieren?
    Plagegeister aller Art und deren Bekämpfung - 13.06.2007 (5)
  17. Problem nach ZA-Installation/löschen von Spyware
    Log-Analyse und Auswertung - 12.04.2006 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Viren selbst löschen, ohne neu Installation? - Bitte einen Kontrollscan mit dem adwCleaner machen: Starte die adwcleaner.exe mit einem Doppelklick. Klicke auf Suche . Nach Ende des Suchlaufs öffnet sich eine Textdatei. Poste mir den Inhalt mit - Viren selbst löschen, ohne neu Installation?...
Archiv
Du betrachtest: Viren selbst löschen, ohne neu Installation? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27