Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7 Safe Mode

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.03.2011, 12:45   #1
gabagandalf
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Hallo,
ich hoffe ich bin hier richtig. Und um das gleich vorne Weg zu nehmen, ich habe bereits gegooglet und die Boardsuche genutzt, nur nix gefunden.

Ich nutze Windows 7 und habe da seit kurzem das Problem, dass mein Desktophintergrund schwarz ist, ich auch keinen neuen wählen kann, außerdem funktioniert mein Taskmanager nicht mehr. Weder auf strg+shift+esc noch ist er bei alt+strg+entf erreichbar.
Außerdem steht oben jetzt aufm Desktop immer "Safe Mode" jeweils links und rechts und in der Mitte "Windows 7 Ultimate...".

Ich habe bereits eine "wuaucldt.exe" in meinem Benutzerverzeichnis gelöscht und eine "28609.exe" direkt in "C:\Programme", da diese von Avira AntiVir detected wurden.
Nun zeigt mir Avira keine Viren mehr an und auch "Super AntiSpyware Free Edition" zeigt nichts mehr an. Genauso ist in Hijack nichts auffälliges zu sehen.

Jedoch besteht das Problem mit dem Taskmanager immer noch und die Anzeige Safe Mode.

Ich habe Windows bereits normal und im Abgesicherten Modus gestartet. Beide Mal selbes Ergebnis.

Danke schon mal für eure Hilfe.

Alt 13.03.2011, 15:00   #2
markusg
/// Malware-holic
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.
+ die avira meldungen ebenfalls
__________________

__________________

Alt 13.03.2011, 16:28   #3
gabagandalf
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 13.03.2011 16:37:10 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Kaimei\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 35,32 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
 
Computer Name: KAIMEI-PC | User Name: Kaimei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Kaimei\AppData\Local\Tempxvi.exe" = C:\Users\Kaimei\AppData\Local\Tempxvi.exe:*:Enabled:xvi
"C:\Users\Kaimei\AppData\Roamingxvi.exe" = C:\Users\Kaimei\AppData\Roamingxvi.exe:*:Enabled:xvi
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Users\Kaimei\AppData\Local\Tempxvi.exe" = C:\Users\Kaimei\AppData\Local\Tempxvi.exe:*:Enabled:xvi
"C:\Users\Kaimei\AppData\Roamingxvi.exe" = C:\Users\Kaimei\AppData\Roamingxvi.exe:*:Enabled:xvi
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F487FBB-72CA-4A33-94C4-5C4665389A29}" = Sun VirtualBox
"{C196A963-4708-430F-AF16-7F8D4FA1DF43}" = TortoiseGit 1.6.3.0 (64 bit)
"{DC5A3CA3-843E-4B2E-8809-1E51DCD41501}" = Ut Video Codec Suite x64
"HashTab" = HashTab 3.0.0
"nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"nbi-tomcat-6.0.26.0.0" = Apache Tomcat 6.0.26
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.12
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.7
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 4.0
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7E60C9C0-B135-41FE-8EEA-0B021BB63234}" = AMCAP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8c6e7e24-bbc6-422c-b9d3-63932ae6a454}" = Nero 9
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97368464-B643-422D-A496-29B409988488}_is1" = TFM Audio Tool 1.2.0.0 Beta
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C71607E2-84EC-4C1F-A649-82E530920C23}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D3CCFC47-72CA-46D7-97AF-341C5FFFE57B}" = Readiris Corporate 12
"{D636771E-EBF6-42F1-A6B8-3B7B27B0DE51}" = Ut Video Codec Suite x86
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}" = DaViDeo 4 professional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F5371573-B045-4A4C-9171-6D99C8FAC876}" = Adobe After Effects CS4 Third Party Content
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.19)
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3File_is1" = AC3File 0.7b
"AC3Filter_is1" = AC3Filter 1.61b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup.divx.com" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EXCEL" = Microsoft Office Excel 2007
"ffdshow_is1" = ffdshow [rev 2992] [2009-06-09]
"FileZilla Client" = FileZilla Client 3.3.4
"FlashFXP v3.2.0 (Build 1080) Scene Edition" = FlashFXP v3.2.0 (Build 1080) Scene Edition
"FlorensiaEN" = FlorensiaEN 1.10.26
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 1.2
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Git_is1" = Git version 1.7.4-preview20110204
"Greenfoot_is1" = Greenfoot 2.0.0
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"GuildFTPd" = GuildFTPd FTP Deamon
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"JDownloader" = JDownloader
"JSmooth 0.9.9-7" = JSmooth 0.9.9-7
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
"kSub" = kSub 2.2.0.0
"KVIrc" = KVIrc
"League of Legends_is1" = League of Legends
"MediaInfo" = MediaInfo 0.7.26 (32-bit)
"MeGUI" = MeGUI (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Miranda IM" = Miranda IM 0.8.21
"mIRC" = mIRC
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"Notepad++" = Notepad++
"nxclient_is1" = NX Client for Windows 3.4.0-5
"Openfire 3.6.4" = Openfire 3.6.4
"OpenVPN" = OpenVPN 2.1.1
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3b
"Passfoto Manager_is1" = Passfoto Manager Ver. 1.3
"POWERPOINT" = Microsoft Office PowerPoint 2007
"Psi" = Psi (remove only)
"PSPad editor_is1" = PSPad editor
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"RealVNC_is1" = VNC Free Edition 4.1.3
"Ruby-186-27" = Ruby-186-27
"SAM3" = SAM Broadcaster (remove only)
"ShalSoft.GigaTribe_is1" = GigaTribe 3.01.005
"SpeedFan" = SpeedFan (remove only)
"Steam" = Steam
"Streamripper" = Streamripper (Remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UltraISO_is1" = UltraISO Premium V9.36
"Uninstall_is1" = Uninstall 1.0.0.1
"uploaded Tool 2009_is1" = uploaded Tool 2009 Version 1.0
"Usenet.nl_is1" = Usenet.nl
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"VobSub" = VobSub v2.23 (Remove Only)
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.2.7
"WORD" = Microsoft Office Word 2007
"wxWidgets_is1" = wxWidgets 2.9.1
"X-Win32" = X-Win32 4.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"653f60ff502b478e" = TS3 Admin
"Winamp Detect" = Winamp Anwendungserkennung
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2011 08:04:07 | Computer Name = Kaimei-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\Nero\Nero 9\nero photosnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 11.03.2011 10:58:18 | Computer Name = Kaimei-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 11.03.2011 12:29:55 | Computer Name = Kaimei-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0x4cc  Startzeit der fehlerhaften Anwendung: 0x01cbe008ab8ac1dc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: cc1dab45-4bfc-11e0-b4fe-0019db2341f0
 
Error - 11.03.2011 16:07:14 | Computer Name = Kaimei-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0xb58  Startzeit der fehlerhaften Anwendung: 0x01cbe024e1951c22  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 27b9097b-4c1b-11e0-b4fe-0019db2341f0
 
Error - 11.03.2011 16:10:58 | Computer Name = Kaimei-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4079 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f50    Startzeit: 
01cbdfe9596a4a15    Endzeit: 276    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 a793962d-4c1b-11e0-b4fe-0019db2341f0  
 
Error - 11.03.2011 16:15:18 | Computer Name = Kaimei-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4079 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e24    Startzeit: 
01cbe02897dd97de    Endzeit: 19    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 469ac048-4c1c-11e0-b4fe-0019db2341f0  
 
Error - 11.03.2011 16:38:09 | Computer Name = Kaimei-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4079 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 728    Startzeit: 
01cbe0290c18fa1a    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 77714782-4c1f-11e0-b4fe-0019db2341f0  
 
Error - 11.03.2011 16:46:45 | Computer Name = Kaimei-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4079 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: bcc    Startzeit: 
01cbe02c3c78259b    Endzeit: 36    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ab6a9401-4c20-11e0-b4fe-0019db2341f0  
 
Error - 13.03.2011 09:54:03 | Computer Name = Kaimei-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 13.03.2011 10:31:16 | Computer Name = Kaimei-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OneClick.exe, Version: 10.0.3010.9,
 Zeitstempel: 0x4d5e61ff  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb3b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002de64  ID des fehlerhaften
 Prozesses: 0x1250  Startzeit der fehlerhaften Anwendung: 0x01cbe18b0b840807  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 8d58cb59-4d7e-11e0-8a99-0019db2341f0
 
[ OSession Events ]
Error - 18.05.2010 12:08:25 | Computer Name = Kaimei-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 16:14:40 | Computer Name = Kaimei-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 504
 seconds with 360 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.03.2011 08:48:30 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.03.2011 08:48:30 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.03.2011 08:48:31 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.03.2011 08:50:02 | Computer Name = Kaimei-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS nicht geladen. Wenden Sie sich an den
 Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 13.03.2011 08:50:02 | Computer Name = Kaimei-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS nicht geladen. Wenden Sie sich an den
 Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 13.03.2011 08:50:14 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Abel" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 13.03.2011 08:50:31 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SASDIFSV  SASKUTIL
 
Error - 13.03.2011 08:51:00 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.03.2011 08:51:13 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.03.2011 09:53:25 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
OTL.txt

Code:
ATTFilter
OTL logfile created on: 13.03.2011 16:37:10 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Kaimei\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 35,32 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
 
Computer Name: KAIMEI-PC | User Name: Kaimei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kaimei\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TuneUp Utilities 2011\DiskExplorer.exe (TuneUp Software)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
PRC - C:\Users\Kaimei\Desktop\putty06.exe (Simon Tatham)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Psi\Psi.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\PROGRAM FILES (X86)\STREAMRIPPER\wstreamripper.exe ()
PRC - C:\Program Files (x86)\KVIrc\kvirc.exe (KVIrc Development Team)
PRC - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Kaimei\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\Windows\SysWOW64\crtdll.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_dbc0250.dll ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc.              )
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\Alcwdm64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (xfiltx64) -- C:\Windows\SysNative\drivers\xfiltx64.sys (VIA Technologies,Inc)
DRV:64bit: - (videX64) -- C:\Windows\SysNative\drivers\videX64.sys (VIA Technologies, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 2C 77 A7 75 B5 CA 01  [binary data]
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.10 08:22:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.05 22:11:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.06 13:42:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.15 07:09:38 | 000,000,000 | ---D | M]
 
[2010.02.08 16:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Extensions
[2010.02.08 16:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.12 19:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions
[2010.12.29 12:34:27 | 000,000,000 | ---D | M] ("XHTML Ruby Support") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{0620B69D-7B58-416d-A92A-0198860C2757}
[2011.03.10 17:20:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.05 13:40:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.09.24 06:00:56 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.02.08 17:15:23 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010.02.08 17:15:23 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.12.11 13:37:49 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.01.24 17:57:52 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.02.08 17:15:23 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.07.17 18:33:37 | 000,000,000 | ---D | M] ("TorrentFlux Add") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{AF77DAB8-8DCE-46d6-99D7-901C063EDA97}
[2011.01.08 00:03:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 12:29:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.12 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.02.08 16:09:29 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\firebug@software.joehewitt.com
[2011.03.10 07:31:45 | 000,000,000 | ---D | M] (Firecookie) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\firecookie@janodvarko.cz
[2010.11.07 12:44:46 | 000,000,000 | ---D | M] (FirePHP) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\FirePHPExtension-Build@firephp.org
[2011.02.16 10:37:04 | 000,000,000 | ---D | M] ("FlashFirebug") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\flashfirebug@o-minds.com
[2010.12.29 12:34:26 | 000,000,000 | ---D | M] (Furigana Injector) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\furiganainjector@yayakoshi.net
[2010.03.10 21:38:15 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\illimitux@illimitux.net
[2010.04.19 17:55:06 | 000,000,000 | ---D | M] ("Pastebin.com Quick Paster") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\upload_text@Pastebin.com
[2010.11.07 12:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\FirePHPExtension-Build@firephp.org\__MACOSX
[2010.11.07 12:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\FirePHPExtension-Build@firephp.org\chrome
[2010.11.07 12:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\FirePHPExtension-Build@firephp.org\defaults
[2011.03.12 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.03.12 19:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.28 17:47:01 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[1999.12.31 16:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.26 09:39:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.26 09:39:40 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.26 09:39:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.26 09:39:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.26 09:39:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.11 20:19:46 | 000,000,882 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	kaimei-home.ath.cx
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe ()
O4 - Startup: C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 196.83.24.208
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\ProgramData\OcLVneIOUmyW.dll) -  File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe ()
MsConfig:64bit - StartUpReg: Share - hkey= - key= - C:\Users\Kaimei\Desktop\Share Client\Share.exe ()
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files\CS1.6\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {13KP1HCO-DQ56-LPVW-7N04-V32O5CC3JG40} - C:\Windows\system32\System32\WinUpdates.exe Restart
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ZEQ2GQ1B-MY0K-U6HR-2ENY-9LU4ENX7GR10} - C:\Users\Kaimei\AppData\Local\Temp\holyshit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.lameacm - LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: VIDC.ULRA - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULRG - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULY0 - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULY2 - C:\Windows\system32\utvideo.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.ULRA - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULRG - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULY0 - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULY2 - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.12 23:48:15 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Local\TGitCache
[2011.03.12 23:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2011.03.12 23:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2011.03.12 23:06:05 | 000,000,000 | ---D | C] -- C:\msysgit
[2011.03.12 22:39:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.12 22:38:53 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\TortoiseGit
[2011.03.08 21:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2011.03.06 16:10:54 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\noa-x
[2011.03.06 14:48:16 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2011.03.06 14:29:08 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011.03.03 06:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.02.15 23:56:56 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.02.15 23:56:41 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.02.15 23:56:41 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.02.15 23:56:41 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.02.15 23:56:40 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.02.15 23:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.02.15 23:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2011.02.15 23:54:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.02.15 20:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
[2011.02.15 20:59:27 | 000,000,000 | ---D | C] -- C:\Programme\TortoiseGit
[2011.02.15 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2011.02.15 20:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TortoiseOverlays
[2010.02.08 15:57:57 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.13 16:18:39 | 000,000,600 | ---- | M] () -- C:\Users\Kaimei\AppData\Local\PUTTY.RND
[2011.03.13 16:05:17 | 000,000,250 | ---- | M] () -- C:\Users\Kaimei\mm.cfg
[2011.03.13 13:55:21 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 13:55:21 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 13:50:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.13 13:50:03 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.10 22:21:22 | 000,000,600 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\winscp.rnd
[2011.03.09 17:42:57 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.09 17:42:57 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.09 17:42:57 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.09 17:42:57 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.09 17:42:57 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.06 16:10:54 | 000,000,306 | ---- | M] () -- C:\Users\Kaimei\Desktop\TS3 Admin.appref-ms
[2011.03.06 14:29:08 | 000,002,528 | ---- | M] () -- C:\Users\Kaimei\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011.03.06 14:27:20 | 000,000,133 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\default.rss
[2011.03.06 14:27:19 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.03.06 00:35:43 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.03.05 18:13:29 | 007,093,236 | ---- | M] () -- C:\Users\Kaimei\Desktop\xmlrpc.tgz
[2011.03.03 20:39:38 | 000,006,332 | ---- | M] () -- C:\Users\Kaimei\Documents\server.kdb
[2011.03.02 07:15:43 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.03.02 07:15:43 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.03.01 21:02:10 | 000,003,584 | ---- | M] () -- C:\Users\Kaimei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.25 21:38:47 | 000,009,384 | ---- | M] () -- C:\Users\Kaimei\rss.php.2
[2011.02.25 21:31:41 | 000,000,830 | ---- | M] () -- C:\Users\Kaimei\rss.php.1
[2011.02.25 21:14:31 | 000,000,462 | ---- | M] () -- C:\Users\Kaimei\rss.php
[2011.02.18 13:10:36 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.02.18 13:06:02 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.02.18 13:06:00 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.02.18 13:05:56 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.02.18 13:05:52 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.02.12 02:04:30 | 000,002,994 | ---- | M] () -- C:\Users\Kaimei\Desktop\Manga.zip
[2011.02.12 01:42:00 | 000,009,837 | ---- | M] () -- C:\Users\Kaimei\Desktop\Manga.rar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.06 16:10:54 | 000,000,306 | ---- | C] () -- C:\Users\Kaimei\Desktop\TS3 Admin.appref-ms
[2011.03.06 14:48:19 | 000,000,690 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSetupFromUSB 0.1.1.lnk
[2011.03.06 14:29:08 | 000,002,528 | ---- | C] () -- C:\Users\Kaimei\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011.03.05 18:18:26 | 007,093,236 | ---- | C] () -- C:\Users\Kaimei\Desktop\xmlrpc.tgz
[2011.02.27 22:25:35 | 000,006,332 | ---- | C] () -- C:\Users\Kaimei\Documents\server.kdb
[2011.02.25 21:38:47 | 000,009,384 | ---- | C] () -- C:\Users\Kaimei\rss.php.2
[2011.02.25 21:31:41 | 000,000,830 | ---- | C] () -- C:\Users\Kaimei\rss.php.1
[2011.02.25 21:12:12 | 000,000,462 | ---- | C] () -- C:\Users\Kaimei\rss.php
[2011.02.16 10:37:16 | 000,000,250 | ---- | C] () -- C:\Users\Kaimei\mm.cfg
[2011.02.15 23:56:38 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.02.15 23:56:37 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.02.15 23:56:37 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.02.12 02:04:30 | 000,002,994 | ---- | C] () -- C:\Users\Kaimei\Desktop\Manga.zip
[2011.02.12 01:41:53 | 000,009,837 | ---- | C] () -- C:\Users\Kaimei\Desktop\Manga.rar
[2010.12.02 19:05:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\DVDKeyAuth.dll
[2010.09.29 18:34:16 | 000,000,162 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.09.15 07:37:27 | 000,003,584 | ---- | C] () -- C:\Users\Kaimei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 00:02:32 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\utvideo.dll
[2010.06.19 23:18:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.06.19 23:18:54 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010.06.19 23:18:54 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.19 23:18:54 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.06.19 23:18:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.05.08 01:55:00 | 000,000,140 | ---- | C] () -- C:\Windows\winamp.ini
[2010.03.21 18:28:17 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.03.10 07:24:25 | 000,289,568 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.18 02:18:36 | 000,000,133 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\default.rss
[2010.02.18 02:13:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.13 00:39:18 | 000,000,028 | ---- | C] () -- C:\Windows\lagarith.ini
[2010.02.11 13:32:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.02.09 16:36:58 | 000,000,600 | ---- | C] () -- C:\Users\Kaimei\AppData\Local\PUTTY.RND
[2010.02.09 14:44:10 | 000,000,600 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\winscp.rnd
[2010.02.09 03:07:26 | 000,002,298 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\ASSDraw3.cfg
[2010.02.08 15:57:57 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.02.08 15:57:57 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat
[2010.02.08 15:52:01 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2010.02.08 15:51:46 | 000,147,456 | R--- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2010.02.08 15:51:46 | 000,037,376 | R--- | C] () -- C:\Windows\CPLUtl64.exe
[2010.02.08 15:51:44 | 000,000,164 | R--- | C] () -- C:\Windows\avrack.ini
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004.08.30 13:26:16 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2002.10.15 23:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2010.06.08 14:27:54 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Subversion
[2010.04.30 13:28:36 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TeamViewer
[2011.02.18 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TuneUp Software
[2010.09.28 12:53:31 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\uTorrent
[2010.12.01 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\.minecraft
[2010.10.20 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Acronis
[2010.02.15 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Aegisub
[2010.11.13 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\aog
[2010.03.09 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Azureus
[2010.02.09 03:06:08 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\com.adobe.ExMan
[2010.04.05 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DAEMON Tools Lite
[2010.11.09 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoft
[2010.09.15 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.13 23:07:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FileZilla
[2010.07.15 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FlashFXP
[2010.03.03 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\gtk-2.0
[2010.12.02 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\HandBrake
[2011.03.13 16:33:06 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\ICQ
[2010.04.15 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KeePass
[2010.11.20 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kompozer.net
[2010.02.15 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kSub
[2010.02.08 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc
[2010.07.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc4
[2010.05.12 19:56:34 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient
[2010.05.11 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.05.07 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mael
[2010.04.24 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Miranda
[2010.12.01 13:13:24 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Notepad++
[2010.03.16 20:53:56 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\OpenOffice.org
[2010.06.06 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\streamripper
[2010.04.09 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Subversion
[2010.10.22 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeamViewer
[2011.03.07 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeraCopy
[2010.05.08 02:02:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thinstall
[2010.02.08 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thunderbird
[2010.07.10 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TrueCrypt
[2011.01.27 17:52:57 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TS3Client
[2011.02.15 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TuneUp Software
[2010.05.19 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Usenet.nl
[2011.03.13 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\uTorrent
[2010.02.09 17:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Yamb
[2010.09.29 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\YCanPDF
[2011.03.07 06:58:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.01 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\.minecraft
[2010.10.20 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Acronis
[2010.12.02 21:56:33 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Adobe
[2010.02.15 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Aegisub
[2010.11.13 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\aog
[2010.11.09 18:29:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Apple Computer
[2010.11.12 11:06:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Avira
[2010.03.09 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Azureus
[2010.02.09 03:06:08 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\com.adobe.ExMan
[2010.04.05 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DAEMON Tools Lite
[2010.07.12 01:32:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DivX
[2010.09.21 14:22:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\dvdcss
[2010.11.09 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoft
[2010.09.15 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.13 23:07:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FileZilla
[2010.07.15 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FlashFXP
[2010.03.03 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\gtk-2.0
[2010.12.02 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\HandBrake
[2011.03.13 16:33:06 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\ICQ
[2010.02.08 15:28:32 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Identities
[2010.04.15 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KeePass
[2010.11.20 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kompozer.net
[2010.02.15 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kSub
[2010.02.08 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc
[2010.07.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc4
[2010.05.12 19:56:34 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient
[2010.05.11 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.02.08 16:02:15 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Macromedia
[2010.05.07 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mael
[2010.02.24 20:30:47 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Media Center Programs
[2010.02.09 02:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Media Player Classic
[2010.11.23 21:25:58 | 000,000,000 | --SD | M] -- C:\Users\Kaimei\AppData\Roaming\Microsoft
[2010.04.24 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Miranda
[2011.02.16 18:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\mIRC
[2010.02.08 15:32:39 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mozilla
[2010.02.16 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Nero
[2010.12.01 13:13:24 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Notepad++
[2010.03.16 20:53:56 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\OpenOffice.org
[2010.11.06 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\PSpad
[2010.06.20 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Real
[2011.02.08 16:09:01 | 000,000,000 | RH-D | M] -- C:\Users\Kaimei\AppData\Roaming\SecuROM
[2011.03.13 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Skype
[2011.03.13 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\SkypePM
[2010.06.06 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\streamripper
[2010.04.09 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Subversion
[2010.02.24 21:45:28 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\SUPERAntiSpyware.com
[2011.01.29 20:29:15 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\teamspeak2
[2010.10.22 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeamViewer
[2011.03.07 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeraCopy
[2010.05.08 02:02:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thinstall
[2010.02.08 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thunderbird
[2011.03.13 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TortoiseGit
[2010.05.05 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TortoiseSVN
[2010.07.10 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TrueCrypt
[2011.01.27 17:52:57 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TS3Client
[2011.02.15 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TuneUp Software
[2010.05.19 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Usenet.nl
[2011.03.13 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\uTorrent
[2011.01.27 17:26:27 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\vlc
[2010.06.06 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Winamp
[2010.02.08 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\WinRAR
[2010.02.09 17:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Yamb
[2010.09.29 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\YCanPDF
 
< %APPDATA%\*.exe /s >
[2010.05.11 17:02:49 | 000,038,784 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.01.03 16:05:37 | 000,005,120 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{7E60C9C0-B135-41FE-8EEA-0B021BB63234}\Icon7E60C9C0.exe
[2011.03.06 14:29:08 | 000,119,808 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2008.12.02 07:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI.exe
[2008.12.01 12:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI32.exe
[2008.12.01 12:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI64.exe
[2008.11.26 05:57:44 | 000,737,280 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\USBAutoRun.exe
[2008.11.26 12:59:32 | 006,450,574 | R--- | M] (Macrovision Corporation) -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGInternetKit_V3.0.0.24_Setup.exe
[2011.03.12 19:39:03 | 000,188,152 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Mozilla\Firefox\Profiles\fcnyq30v.default\FlashGot.exe
[2010.05.18 17:09:29 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\10000001400002i\msiexec.exe
[2010.05.18 17:11:25 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\11300002i\splwow64.exe
[2010.05.18 17:08:25 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002i\OffDiag.exe
[2010.05.18 17:08:12 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002i\SETUP.EXE
[2010.05.18 17:12:34 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002i\MSACCESS.EXE
[2010.05.18 17:08:25 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002i\DW20.EXE
[2009.06.29 07:26:54 | 000,235,764 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Yamb\MP4Box.exe
[2010.02.09 17:12:35 | 000,128,682 | ---- | M] (hxxp://yamb.unite-video.com) -- C:\Users\Kaimei\AppData\Roaming\Yamb\Uninstall.exe
[2009.06.29 13:15:54 | 002,424,832 | ---- | M] (Kurtnoise) -- C:\Users\Kaimei\AppData\Roaming\Yamb\Yamb.exe
[2009.05.03 19:25:40 | 001,871,360 | ---- | M] (madshi.net) -- C:\Users\Kaimei\AppData\Roaming\Yamb\eac3to\eac3to.exe
[2009.06.07 10:10:40 | 002,282,496 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Yamb\mkvextract\mkvextract.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.09.11 16:22:34 | 000,592,208 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2009.06.19 18:28:22 | 001,030,674 | ---- | M] () -- C:\x264.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.21 19:08:05 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\500 GB  platte\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2010.01.21 19:08:05 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.11.08 14:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\via_raid_vista_mb\VIARaid\DRIVER\Raid\winnt40\viamraid.sys
[2006.11.08 14:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\drvdisk\i386\NT4\viamraid.sys
[2006.11.08 14:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\VIARaid\DRIVER\Raid\winnt40\viamraid.sys
[2006.11.08 14:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\via_raid_vista_mb\VIARaid\DRIVER\Raid\winxp\viamraid.sys
[2006.11.08 14:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\drvdisk\i386\NT5\viamraid.sys
[2006.11.08 14:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\VIARaid\DRIVER\Raid\winxp\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009.07.14 02:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll

< End of report >
         
Avira gibt wie gesagt keine Meldungen mehr an, wenn ich einen Komplettscan mache.
__________________

Alt 13.03.2011, 16:46   #4
markusg
/// Malware-holic
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



ich möchte die alten fundmeldungen sehen, unter avira, rports, falls scan logs, oder avira, ereignisse, falls guard funde
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.03.2011, 17:50   #5
gabagandalf
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Hoffe, dass das die Richtigen sind. Hab sie bei Avira aus den Ereignissen kopiert.

Code:
ATTFilter
Die Datei 'C:\ProgramData\28609.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Eine Instanz der ARK Library läuft bereits.
         
Code:
ATTFilter
In der Datei 'C:\ProgramData\43812.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
Code:
ATTFilter
Die Datei 'C:\Users\Kaimei\AppData\Local\Temp\AB7A.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Pakes.ora' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '492eece6.qua' verschoben!
         
Code:
ATTFilter
Die Datei 'C:\Users\Kaimei\AppData\Local\Temp\C571.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Cutwail.BA.25' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '368de5a7.qua' verschoben!
         
Code:
ATTFilter
Die Datei 'C:\Users\Kaimei\AppData\Local\Temp\B33E.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Pakes.ora' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4728dc30.qua' verschoben!
         
Code:
ATTFilter
Die Datei 'C:\Users\Kaimei\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQYAXQI0\load[4].php'
enthielt einen Virus oder unerwünschtes Programm 'TR/Pakes.ora' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '05669162.qua' verschoben!
         
Code:
ATTFilter
Die Datei 'C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4a697dd8-68aae466'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Agent.f.5905' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50abbb43.qua' verschoben!
         


Alt 13.03.2011, 18:15   #6
markusg
/// Malware-holic
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



poste noch alle Malwarebytes logs.
__________________
--> Windows 7 Safe Mode

Alt 13.03.2011, 19:12   #7
gabagandalf
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Hab das jetzt durchlaufen lassen und die Sachen beheben lassen, so wies im Link stand.
Da ist das Log.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6044

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.03.2011 20:09:44
mbam-log-2011-03-13 (20-09-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 182395
Laufzeit: 7 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\SEARCHSETTINGS@SPIGOT.COM (PUP.Dealio) -> Value: SEARCHSETTINGS@SPIGOT.COM -> Not selected for removal.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Not selected for removal.
c:\program files (x86)\mozilla firefox\extensions\searchsettings@spigot.com (PUP.Dealio) -> Not selected for removal.
         

Alt 13.03.2011, 19:22   #8
markusg
/// Malware-holic
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



das sieht nicht gut aus. machst du onlinebanking /einkäufe oder sonst was wichtiges mit dem pc
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.03.2011, 19:27   #9
gabagandalf
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Habs jetzt nachm restart noch mal drüber laufen lassen.
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6044

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.03.2011 20:25:21
mbam-log-2011-03-13 (20-25-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181391
Laufzeit: 6 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\SEARCHSETTINGS@SPIGOT.COM (PUP.Dealio) -> Value: SEARCHSETTINGS@SPIGOT.COM -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2142560473-4073965963-3006564023-1000\$R9XU5MG.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\searchsettings@spigot.com (PUP.Dealio) -> Quarantined and deleted successfully.
         
Nein seit ich diese Probleme habe, hab ich mich nirgens mehr eingeloggt. Passwörter lasse ich auch nicht im Browser speichern und hab die auch schon verändert auf den entsprechenden Seiten, damit da nix passiert.

EDIT:

Nachm Restart sind die Probleme immer noch vorhanden.

EDIT2:
Taskmanager geht doch wieder und nachdem ich das Desktoppic nun geändert hab ist auch das mit dem Safe Mode weg.

Danke für deine schnelle und ich denke mal erfolgreiche Hilfe markusg.
Bin dir echt dankbar.

Geändert von gabagandalf (13.03.2011 um 19:36 Uhr)

Alt 13.03.2011, 19:36   #10
markusg
/// Malware-holic
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



das beantwortet nicht die frage ob du onlinebanking etc machst.
und die passwörter von diesem pc aus zu endern ist sinnlos.
trojaner sind außerdem nicht drauf angewiesen ob passwörter im browser gespeichert werden
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.03.2011, 19:40   #11
gabagandalf
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Das ist mir auch klar, dass ändern von dem PC nichts bringt.
Habe sie von meinem Notebook aus geändert.
Und ja ich habe über den PC vorher auch Onlineeinkäufe gemacht.

Alt 13.03.2011, 19:47   #12
markusg
/// Malware-holic
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



ok.
du hast den spyeyes trojaner auf dem pc.
das ist im moment einer der ausgeklügelsten trojaner.
diese können nicht mehr nachvollziebare enderungen am system vor nehmen, da du einkäufe machst, ist das sicherste ein neu aufsetzen, wir können sonst nicht garantieren das das system sauber ist.
für das neu aufgesetze system erkläre ich dir wie du es absicherst.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.03.2011, 19:49   #13
gabagandalf
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Ja ok danke.

Ich werd das aber erst nächten Wochenende schaffen denke ich mal. Aber danke schon mal für die Hilfe.

Alt 13.03.2011, 19:54   #14
markusg
/// Malware-holic
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



ok meld dich dann einfach noch mal.
tut mir leid für die schlechten nachichten am sonntag :d
aber kann man nichts machen :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.03.2011, 20:25   #15
gabagandalf
 
Windows 7 Safe Mode - Standard

Windows 7 Safe Mode



Jo kannst du ja auch nichts für. Und es ist besser so, als wenn dann irgendwer über meinen Namen was bestellt oder sonst was macht.

Außerdem danke, dass wir das so schnell "durchbekommen" haben und das am Sonntag. Hatte eigendlich erst heute abend mit ersten Antworten gerechnet.

Antwort

Themen zu Windows 7 Safe Mode
abgesicherten, antispyware, antivir, anzeige, avira, avira antivir, detected, edition, free, funktioniert, gelöscht, hijack, keine viren, links, modus, neue, neuen, nichts, problem, programme, strg, super, taskmanager, viren, windows, windows 7



Ähnliche Themen: Windows 7 Safe Mode


  1. Theater Mode App entfernen
    Anleitungen, FAQs & Links - 16.03.2014 (2)
  2. GVU Trojaner W7x64, safe mode geht nicht, FRST müsste D scannen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2013 (12)
  3. Bundespolizei Trojaner eingefangen safe mode geht nicht
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (37)
  4. PC gesperrt-GVU Trojaner (auch im safe-mode) OTL Frage!
    Plagegeister aller Art und deren Bekämpfung - 24.01.2013 (7)
  5. kostenpflichtiges (50 Euro) windows-upgrade per pay-safe
    Log-Analyse und Auswertung - 16.04.2012 (18)
  6. wie funktioniert der Boot Mode
    Alles rund um Windows - 20.03.2012 (2)
  7. (2x) Gema-Trojaner schlaegt auch im Safe-Mode durch
    Mülltonne - 19.03.2012 (1)
  8. Gema-Trojaner schlaegt auch im Safe-Mode durch
    Log-Analyse und Auswertung - 19.03.2012 (1)
  9. Neu für Windows Azure: Admin Mode, Full IIS, Remote Desktop, VM Role und mehr
    Nachrichten - 25.02.2011 (0)
  10. Bericht: Phishing kommt aus der Mode
    Nachrichten - 28.08.2009 (0)
  11. 3/4 der CPU auslastung im Kernel Mode
    Log-Analyse und Auswertung - 13.02.2009 (0)
  12. Dual-Channel Asymmetric Mode
    Alles rund um Windows - 27.11.2008 (3)
  13. mode not supported
    Mülltonne - 03.03.2007 (2)
  14. nach escan im Safe Mode ist PC wahnsinnig langsam geworden
    Log-Analyse und Auswertung - 11.03.2006 (2)
  15. thnall1z.exe....W2K Safe Mode nicht mehr möglich!
    Log-Analyse und Auswertung - 05.11.2005 (1)
  16. thnall1z.exe....W2K Safe Mode nicht mehr möglich!
    Plagegeister aller Art und deren Bekämpfung - 04.11.2005 (2)

Zum Thema Windows 7 Safe Mode - Hallo, ich hoffe ich bin hier richtig. Und um das gleich vorne Weg zu nehmen, ich habe bereits gegooglet und die Boardsuche genutzt, nur nix gefunden. Ich nutze Windows 7 - Windows 7 Safe Mode...
Archiv
Du betrachtest: Windows 7 Safe Mode auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.