
All about Windows: I put the computer into power-saving mode and less than 3 minutes later it starts up again!

03.07.2013, 20:58   #1
Tizzia
 



Good evening, I am just an ordinary user; I tried to create the files... I hope that is enough.


I hope you can help me.
Computer is slow
Computer keeps switching itself on.

Thank you very much





OTL logfile created on: 03.07.2013 20:24:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kiki\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,96% Memory free
6,18 Gb Paging File | 4,51 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 16,45 Gb Free Space | 14,14% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 1,79 Gb Free Space | 1,56% Space Free | Partition Type: NTFS

Computer Name: SOULFRIENDS1 | User Name: Kiki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.03 20:01:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe
PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2013.02.19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2013.02.19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2013.02.19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012.12.14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\Receiver\Receiver.exe
PRC - [2012.12.14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2012.12.14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2012.12.12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.12.07 15:25:01 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.19 11:20:40 | 001,985,080 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Programme\Spy Emergency 2008\SpyEmergency.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.01.29 19:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008.01.09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007.12.25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.16 10:11:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.05.16 10:01:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\adc5863246b4c1f20b21d823bc6ee21b\System.Windows.Forms.ni.dll
MOD - [2013.02.14 15:11:09 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.11 05:43:36 | 005,457,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1beca67411be68bc4032f757b5ea6ebb\System.Xml.ni.dll
MOD - [2013.01.11 05:43:03 | 006,648,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4ecb5cac26d2d944c36bce794fbeecf5\System.Data.ni.dll
MOD - [2013.01.11 04:32:19 | 001,597,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3c962fecd27f03689497125f43677fe3\System.Drawing.ni.dll
MOD - [2013.01.11 04:30:07 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.09.13 15:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RelevantKnowledge\rlservice.exe /service -- (RelevantKnowledge)
SRV - [2013.07.01 22:35:40 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013.06.11 23:56:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.09 08:14:38 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2013.02.19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013.02.19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012.11.16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.12.07 15:25:01 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011.12.07 15:24:53 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2009.01.19 11:20:46 | 000,727,608 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Stopped] -- C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - [2013.02.19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013.02.19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013.02.19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013.02.19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013.02.19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013.02.19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013.02.19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013.02.19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012.12.05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012.04.20 17:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010.06.23 11:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.21 17:05:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.12.22 16:07:00 | 000,108,768 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV08.sys -- (ACEDRV08)
DRV - [2009.09.16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.09.16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009.06.10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.11 17:13:24 | 000,015,288 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV - [2008.04.17 17:59:02 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2008.04.17 17:58:00 | 000,560,640 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2008.02.05 12:10:14 | 000,014,392 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV - [2008.02.05 12:10:10 | 000,012,344 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\spyemrg.sys -- (SpyEmrg)
DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.09.26 07:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{041E2009-2712-4AD9-A4AC-50F9D8539177}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{041E2009-2712-4AD9-A4AC-50F9D8539177}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109868&tt=050412_30b&babsrc=SP_ss&mntrId=bc13d0e4000000000000001f3cb8cb39
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AED1B68C-71DD-456A-ADB9-FB10DFDDE206}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "xemote-browser Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2618531&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledAddons: wisestamp%40wisestamp.com:3.11.21
FF - prefs.js..extensions.enabledAddons: %7B694b57c6-ad53-4442-8290-c5539e368aac%7D:5.1
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5.1
FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.16.2.509
FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:15.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {48405d3d-2674-4cd8-b1ef-9a719443bd3f}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:2.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://mystart.magentic.com/?loc=FF_Magentic_AddressBar&search="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.07.03 19:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.09 08:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.09 08:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.03.28 14:40:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.09 08:14:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.09 08:14:27 | 000,000,000 | ---D | M]

[2008.11.09 15:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\Extensions
[2013.06.09 08:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions
[2013.06.09 08:16:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2011.03.14 22:38:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.23 18:26:42 | 000,000,000 | ---D | M] (SweetIM Toolbar) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{694b57c6-ad53-4442-8290-c5539e368aac}
[2011.04.05 11:30:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\engine@conduit.com
[2012.02.10 20:15:24 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\piclens@cooliris.com
[2013.03.20 16:21:25 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.06.09 08:16:32 | 000,504,879 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\toolbar@gmx.net.xpi
[2012.05.22 13:55:52 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\wisestamp@wisestamp.com.xpi
[2012.12.15 06:16:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.06.09 08:11:44 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.13 12:55:52 | 000,000,931 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\conduit.xml
[2013.06.09 08:09:40 | 000,000,944 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\icqplugin.xml
[2010.05.01 10:49:38 | 000,002,149 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\MyStart Search.xml
[2013.05.10 00:46:46 | 000,004,103 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\SweetIM Search.xml
[2013.06.09 08:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.06.09 08:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.09 08:14:39 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.09 08:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2013.06.09 08:14:22 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013.07.03 19:49:36 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2006.09.26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.04.11 20:00:52 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009.11.08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
[2009.11.28 01:23:15 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={A9249580-4308-11DE-AEAA-001E3368F9BD}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Flatcast Viewer Plugin 5.2.2.454 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll
CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20130421192142.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll̀ File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{415AC5BE-E6EE-4719-98AB-4D125F9F5722}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F077B84E-188E-41FA-84FC-6E7A3CE8FC22}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kiki\Pictures\Kendra Mae 17.05.2012.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kiki\Pictures\Kendra Mae 17.05.2012.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.03 20:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.07.03 20:01:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe
[2013.07.01 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F}
[2013.06.29 12:15:00 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\acccore
[2013.06.29 12:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2013.06.29 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\AOL OCP
[2013.06.29 12:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2013.06.29 12:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2013.06.29 12:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2013.06.29 12:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2013.06.29 12:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2013.06.29 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\AIM6
[2013.06.28 16:48:23 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\ArtifexMundi
[2013.06.27 19:20:56 | 000,000,000 | ---D | C] -- C:\Users\Kiki\Desktop\Bücher
[2013.06.26 17:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.26 17:41:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.06.26 17:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.06.18 11:48:39 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\viking_saga_en
[2013.06.11 00:01:58 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\BlamGames
[2013.06.10 23:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
[2013.06.09 08:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.07 16:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CrioGames
[2013.06.07 16:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Tribe 2
[2013.06.04 17:01:32 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{49647C14-DA28-4B8F-B547-CD4D11231D7C}
[2013.06.03 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{E0BCBB0D-3041-4A41-9B62-74F240B3C9B2}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.03 20:29:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.03 20:13:38 | 000,001,091 | ---- | M] () -- C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
[2013.07.03 20:03:42 | 000,377,856 | ---- | M] () -- C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
[2013.07.03 20:02:04 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2013.07.03 20:01:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe
[2013.07.03 20:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.07.03 19:55:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.03 19:48:48 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.03 19:48:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 19:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 19:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.03 19:46:20 | 000,000,020 | ---- | M] () -- C:\Users\Kiki\defogger_reenable
[2013.07.03 19:45:15 | 000,050,477 | ---- | M] () -- C:\Users\Kiki\Desktop\Defogger.exe
[2013.07.02 14:10:52 | 000,116,736 | ---- | M] () -- C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.01 11:04:27 | 000,632,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.01 11:04:27 | 000,598,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.01 11:04:27 | 000,106,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.01 11:04:26 | 000,128,616 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.30 21:19:18 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013.06.29 12:12:24 | 000,000,446 | -H-- | M] () -- C:\IPH.PH
[2013.06.29 12:12:04 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\AOL Instant Messenger.lnk
[2013.06.26 17:41:26 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.26 15:34:56 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.15 08:07:56 | 000,000,922 | ---- | M] () -- C:\Users\Kiki\Desktop\Dropbox.lnk
[2013.06.11 00:01:40 | 000,001,263 | ---- | M] () -- C:\Users\Kiki\Desktop\The Keepers 2.lnk
[2013.06.05 10:55:02 | 000,343,931 | ---- | M] () -- C:\Users\Kiki\Documents\Thomas Reichelt.xps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.03 20:03:39 | 000,377,856 | ---- | C] () -- C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
[2013.07.03 19:45:55 | 000,000,020 | ---- | C] () -- C:\Users\Kiki\defogger_reenable
[2013.07.03 19:45:13 | 000,050,477 | ---- | C] () -- C:\Users\Kiki\Desktop\Defogger.exe
[2013.06.29 12:12:04 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\AOL Instant Messenger.lnk
[2013.06.29 12:11:13 | 000,000,446 | -H-- | C] () -- C:\IPH.PH
[2013.06.26 17:41:26 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.11 00:01:40 | 000,001,263 | ---- | C] () -- C:\Users\Kiki\Desktop\The Keepers 2.lnk
[2013.06.05 10:54:58 | 000,343,931 | ---- | C] () -- C:\Users\Kiki\Documents\Thomas Reichelt.xps
[2013.05.14 23:02:35 | 000,332,500 | ---- | C] () -- C:\Users\Kiki\AppData\Local\census.cache
[2013.05.14 23:02:07 | 000,234,458 | ---- | C] () -- C:\Users\Kiki\AppData\Local\ars.cache
[2013.05.14 22:45:10 | 000,000,036 | ---- | C] () -- C:\Users\Kiki\AppData\Local\housecall.guid.cache
[2013.05.13 17:09:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2013.05.13 17:05:24 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.05.13 17:05:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.05.10 17:00:14 | 000,000,092 | ---- | C] () -- C:\Users\Kiki\AppData\Local\fusioncache.dat
[2013.05.10 00:47:35 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.09.03 12:14:54 | 000,000,552 | ---- | C] () -- C:\Users\Kiki\AppData\Local\d3d8caps.dat
[2012.07.07 11:54:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.04.11 20:01:31 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.11 20:01:31 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.01.12 23:36:52 | 000,765,381 | ---- | C] () -- C:\Users\Kiki\Anhang.pdf
[2011.10.17 19:51:46 | 000,715,038 | ---- | C] () -- C:\Windows\unins002.exe
[2011.10.17 19:51:46 | 000,002,324 | ---- | C] () -- C:\Windows\unins002.dat
[2011.09.21 18:47:33 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.09.21 18:47:31 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2011.09.21 18:47:30 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2011.09.21 18:47:26 | 001,202,763 | ---- | C] () -- C:\Windows\unins001.exe
[2011.09.21 18:47:26 | 000,012,748 | ---- | C] () -- C:\Windows\unins001.dat
[2011.02.28 23:01:12 | 000,000,409 | ---- | C] () -- C:\Users\Kiki\Isidiada.pgs
[2011.02.07 14:39:10 | 004,806,101 | ---- | C] () -- C:\Users\Kiki\Kirsten Jan,2011.JPG
[2011.02.07 14:37:37 | 000,197,935 | ---- | C] () -- C:\Users\Kiki\weihnachten.2008.jpg
[2010.12.29 19:12:25 | 000,128,624 | ---- | C] () -- C:\Users\Kiki\postident Jan.pdf
[2010.12.29 19:04:08 | 000,128,619 | ---- | C] () -- C:\Users\Kiki\postident Kiki.pdf
[2010.09.26 16:35:36 | 001,180,594 | ---- | C] () -- C:\Users\Kiki\25092010483.jpg
[2010.09.26 16:35:36 | 000,868,414 | ---- | C] () -- C:\Users\Kiki\23092010474.jpg
[2010.09.26 16:35:36 | 000,752,242 | ---- | C] () -- C:\Users\Kiki\25092010476.jpg
[2010.09.26 16:35:36 | 000,681,173 | ---- | C] () -- C:\Users\Kiki\25092010475.jpg
[2010.09.26 16:35:36 | 000,657,616 | ---- | C] () -- C:\Users\Kiki\01092010472.jpg
[2010.09.26 16:35:36 | 000,650,299 | ---- | C] () -- C:\Users\Kiki\25092010486.jpg
[2010.09.26 16:35:36 | 000,637,720 | ---- | C] () -- C:\Users\Kiki\25092010484.jpg
[2010.09.26 16:35:36 | 000,626,483 | ---- | C] () -- C:\Users\Kiki\25092010478.jpg
[2010.09.26 16:35:36 | 000,626,403 | ---- | C] () -- C:\Users\Kiki\25092010479.jpg
[2010.09.26 16:35:36 | 000,614,368 | ---- | C] () -- C:\Users\Kiki\15092010473.jpg
[2010.09.26 16:35:36 | 000,608,875 | ---- | C] () -- C:\Users\Kiki\25092010477.jpg
[2010.09.26 16:35:36 | 000,605,553 | ---- | C] () -- C:\Users\Kiki\25092010485.jpg
[2010.09.26 16:35:36 | 000,590,603 | ---- | C] () -- C:\Users\Kiki\25092010480.jpg
[2010.09.26 16:35:36 | 000,565,015 | ---- | C] () -- C:\Users\Kiki\25092010482.jpg
[2010.09.26 16:35:36 | 000,524,303 | ---- | C] () -- C:\Users\Kiki\25092010481.jpg
[2010.09.26 15:59:02 | 000,533,429 | ---- | C] () -- C:\Users\Kiki\25092010487.jpg
[2010.09.04 13:00:27 | 000,577,442 | ---- | C] () -- C:\Users\Kiki\WickiTel_Sep2010.jpg
[2010.09.04 13:00:27 | 000,099,459 | ---- | C] () -- C:\Users\Kiki\WickiTel_Sep2010.MHT
[2010.04.08 12:48:03 | 000,365,486 | ---- | C] () -- C:\Users\Kiki\kirsten 248.jpg
[2010.04.08 12:48:03 | 000,353,917 | ---- | C] () -- C:\Users\Kiki\kirsten 247.jpg
[2010.04.08 12:48:03 | 000,352,818 | ---- | C] () -- C:\Users\Kiki\kirsten 250.jpg
[2010.04.08 12:48:03 | 000,332,030 | ---- | C] () -- C:\Users\Kiki\kirsten 242.jpg
[2010.03.21 19:40:55 | 000,022,680 | ---- | C] () -- C:\Users\Kiki\AppData\Local\slot1.mm1
[2010.01.14 16:47:07 | 000,026,340 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\UserTile.png
[2009.11.22 17:41:52 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\mxfilerelatedcache.mxc2
[2009.11.22 17:26:11 | 000,038,977 | ---- | C] () -- C:\Users\Kiki\21-05-07_1927.jpg
[2009.10.13 20:46:12 | 000,696,277 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\unins000.exe
[2009.10.13 20:46:12 | 000,001,157 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\unins000.dat
[2009.09.07 18:56:23 | 000,124,177 | ---- | C] () -- C:\Users\Kiki\Anklageschrift.htm
[2009.09.07 18:38:09 | 002,090,142 | ---- | C] () -- C:\Users\Kiki\Anklageschrift.mdi
[2009.08.18 23:23:30 | 000,000,316 | ---- | C] () -- C:\Users\Kiki\Öffentlich - Verknüpfung.lnk
[2009.05.09 11:29:41 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.04.05 12:12:16 | 000,017,092 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\lili.xml
[2009.04.05 12:06:34 | 000,000,378 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\users.xml
[2008.10.27 21:00:47 | 000,000,255 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\mb3settings.xml
[2008.10.27 21:00:11 | 000,131,200 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\Tahoma_12.dds
[2008.10.27 21:00:11 | 000,004,096 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\Tahoma_12.crd
[2008.10.17 12:27:29 | 000,000,000 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\wklnhst.dat
[2008.10.08 22:31:44 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.10.08 22:31:44 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\AppData\Local\mxfilerelatedcache.mxc2
[2008.10.06 14:31:59 | 000,001,356 | ---- | C] () -- C:\Users\Kiki\AppData\Local\d3d9caps.dat
[2008.10.06 12:04:29 | 000,116,736 | ---- | C] () -- C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.06 11:51:11 | 000,000,365 | ---- | C] () -- C:\Users\Kiki\Music.lnk
[2002.07.01 16:13:30 | 000,000,224 | -HS- | C] () -- C:\Users\Kiki\AppData\Roaming\brun_nbeta12.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========


GMER
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-03 21:50:28
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kiki\AppData\Local\Temp\pxlyafow.sys


---- Kernel code sections - GMER 2.1 ----

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                           section is writeable [0x8B354000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                           unknown last section [0x8B39D000, 0x510, 0x40000040]
.text           C:\Windows\system32\drivers\ACEDRV08.sys                                                                            section is writeable [0x81C08000, 0x328BA, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\ACEDRV08.sys                                                                            entry point in ".pklstb" section [0x81C4C000]
.relo2          C:\Windows\system32\drivers\ACEDRV08.sys                                                                            unknown last section [0x81C68000, 0x8E, 0x42000040]
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                            entry point in ".vmp2" section [0xB011069D]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3208] kernel32.dll!LoadLibraryW                         762C93F0 5 Bytes  JMP 6CE58460 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll
.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3208] kernel32.dll!LoadLibraryA                         762C956C 5 Bytes  JMP 6CE58360 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xD2 0x85 0x98 0xFD ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xF8 0x3C 0x3B 0x3E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC0 0x40 0x3D 0x47 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xD2 0x85 0x98 0xFD ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xF8 0x3C 0x3B 0x3E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC0 0x40 0x3D 0x47 ...

---- EOF - GMER 2.1 ----
         
--- --- ---
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-03 21:50:59
Windows 6.0.6002 Service Pack 2 
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kiki\AppData\Local\Temp\pxlyafow.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xD2 0x85 0x98 0xFD ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xF8 0x3C 0x3B 0x3E ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC0 0x40 0x3D 0x47 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xD2 0x85 0x98 0xFD ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xF8 0x3C 0x3B 0x3E ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC0 0x40 0x3D 0x47 ...

---- EOF - GMER 2.1 ----
         
--- --- ---

Thanks, have a nice evening.

Edited by Tizzia (03.07.2013 at 21:04)

03.07.2013, 22:34   #2
cad
/// caddy ☀

Hello Tizzia and

the log files are only needed if the PC is to be checked for malware.
If that is what you want, open a new thread in the appropriate subforum.

If not, disable the power-saving mode and work through this guide

BTW: Did you try to optimize the PC with Tuneup?

Regards, cad

Alt 04.07.2013, 00:35   #3
Tizzia
 
Versetze den Computer in den Energie Stromsparmodus keine 3 Minuten später fährt er wieder hoch! - Standard

Versetze den Computer in den Energie Stromsparmodus keine 3 Minuten später fährt er wieder hoch! Details



Hello cad, yes, I tried to optimize my computer with TuneUp....

How do I know whether I have a virus, trojan, etc.?

Kind regards and thanks...

I'll go ahead and follow your guide then...

Tizzia

04.07.2013, 00:39   #4
mort



I see adware in the logs.

04.07.2013, 00:42   #5
Tizzia



I had already tried your guide before; in any case, I have gone through the steps. Where exactly do I need to move the thread to?
Thanks
Best regards
Tizzia


04.07.2013, 00:44   #6
Tizzia



**Adware.** What is that?

Best regards
Tizzia

04.07.2013, 00:49   #7
mort



Any programs that, for example, display annoying ads in the browser.

04.07.2013, 14:05   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Continued here => http://www.trojaner-board.de/137675-...ml#post1101227