katjes204 | 12.02.2012 19:48 | Hallo Arne,
hier das Ergebnis. Code:
OTL logfile created on: 12.02.2012 19:21:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 46,93% Memory free
7,73 Gb Paging File | 5,89 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,32 Gb Total Space | 216,20 Gb Free Space | 71,04% Space Free | Partition Type: NTFS
Drive E: | 280,03 Gb Total Space | 52,86 Gb Free Space | 18,88% Space Free | Partition Type: NTFS
Computer Name: KATJA204 | User Name: Katja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.02.12 19:08:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011.12.20 10:06:34 | 001,370,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
PRC - [2011.09.11 15:21:38 | 000,837,656 | ---- | M] (hxxp://izloader.com/) -- C:\Program Files (x86)\Easy Downloads\easydownloads.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.29 08:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.02.24 00:28:24 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.20 18:54:20 | 001,960,560 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2011.12.20 17:44:09 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2011.12.20 10:07:25 | 007,616,624 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2011.12.20 10:07:07 | 002,961,008 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2011.12.20 10:07:05 | 001,612,912 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2011.12.20 10:07:00 | 001,533,552 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2011.12.20 10:06:58 | 000,318,064 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2011.12.20 10:06:55 | 000,261,232 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2011.12.20 10:06:34 | 001,370,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2011.12.20 10:06:21 | 000,135,792 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2011.12.20 10:06:20 | 004,323,440 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2011.11.04 13:47:20 | 000,865,280 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2011.11.04 13:47:18 | 000,271,872 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2011.11.04 13:47:16 | 011,163,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2011.11.04 13:47:14 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2011.11.04 13:47:12 | 001,340,416 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2011.11.04 13:47:12 | 000,704,000 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2011.11.04 13:47:12 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2011.11.04 13:47:10 | 008,934,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2011.11.04 13:47:10 | 002,395,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2011.11.04 13:47:10 | 000,990,208 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.11.04 13:47:10 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2011.11.04 13:47:08 | 002,356,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2011.10.14 02:32:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.26 13:40:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.01.22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.10.15 16:00:02 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.26 13:45:00 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.26 13:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.12 19:02:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 00:28:24 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 19:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.04.24 14:42:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 14:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.12.02 14:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.12.02 14:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.12.02 14:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.07.15 07:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010.07.15 07:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.12 11:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.12 11:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2010.05.12 11:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.05.12 11:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.12 11:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.01.22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.05 17:55:04 | 001,580,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.02 03:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010.07.15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010.07.15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101430&mntrId=80e8051800000000000076f1a11368f1
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=80e8051800000000000076f1a11368f1&tlver=1.4.35.10&affID=101430&babsrc=SP_FFUP"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.01 10:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.06.22 16:05:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.08 19:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 17:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.22 16:05:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.01 10:15:59 | 000,000,000 | ---D | M]
[2011.05.15 15:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Extensions
[2012.02.02 18:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions
[2012.01.08 16:03:13 | 000,000,000 | ---D | M] (IsoBuster DE Community Toolbar) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}
[2011.08.13 13:15:39 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3
[2011.07.12 15:41:14 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft
[2011.09.11 15:22:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com
[2011.12.27 14:45:12 | 000,000,933 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\11-suche.xml
[2012.01.27 20:03:51 | 000,002,401 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\askcom.xml
[2011.12.27 14:45:12 | 000,002,419 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\englische-ergebnisse.xml
[2011.12.27 14:45:12 | 000,010,525 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\gmx-suche.xml
[2011.12.27 14:45:12 | 000,002,457 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\lastminute.xml
[2011.12.27 14:45:12 | 000,005,508 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\webde-suche.xml
[2011.05.15 15:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.12.08 19:16:46 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\KATJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B35ODC10.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\KATJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B35ODC10.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.02.12 17:51:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.27 20:06:11 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.27 20:06:11 | 000,002,112 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.27 20:06:11 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.27 20:06:11 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.27 20:06:11 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.24 11:12:09 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.27 20:06:11 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\Toolbar\WebBrowser: (IsoBuster DE Toolbar) - {134B012B-132D-4516-A786-2395828640B5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0458700B-063D-4F6D-AC79-84ACDC9412A9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56956A4F-5F02-4A1F-8C09-00CCFE3908F2}: DhcpNameServer = 192.32.20.12
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.13 08:03:12 | 000,000,045 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell - "" = AutoRun
O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell - "" = AutoRun
O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe - ()
MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= - c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: Standby - hkey= - key= - c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - c:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - c:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.02.09 18:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.09 18:25:02 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Katja\Desktop\esetsmartinstaller_enu.exe
[2012.02.09 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Malwarebytes
[2012.02.09 17:22:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.09 17:19:48 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Katja\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.07 18:02:48 | 000,000,000 | ---D | C] -- C:\Logfiles.zip
[2012.02.07 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.07 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.02.07 17:07:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Katja\Desktop\dds.com
[2012.01.30 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.30 20:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.30 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.30 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.01.30 20:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.30 20:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.01.30 19:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.30 19:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.01.27 20:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.01.26 20:01:54 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\ElevatedDiagnostics
[2012.01.21 23:09:08 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\Ashampoo Music Studio 3
[2012.01.21 23:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.01.21 23:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.01.21 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{011FA7AF-9AB9-413A-9F74-A959D237B2E0}
[2012.01.21 18:01:23 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{C5AF25A0-F517-4512-A23C-F99B2AE19BD5}
[2012.01.14 14:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012
[2012.01.14 13:59:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.02.12 18:32:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.12 18:32:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 16:15:20 | 000,201,020 | ---- | M] () -- C:\Users\Katja\Desktop\discoturm-nautica-magdeburg-2012-02-11-066.jpg
[2012.02.12 11:50:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.11 22:19:52 | 001,534,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.11 22:19:52 | 000,666,968 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.11 22:19:52 | 000,627,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.11 22:19:52 | 000,136,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.11 22:19:52 | 000,111,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.11 09:37:52 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 09:37:52 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 18:25:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Katja\Desktop\esetsmartinstaller_enu.exe
[2012.02.09 17:22:39 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.09 17:20:08 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Katja\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.07 17:33:46 | 001,110,476 | ---- | M] () -- C:\Users\Katja\Desktop\7z920.exe
[2012.02.07 17:07:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Katja\Desktop\dds.com
[2012.02.07 17:07:02 | 000,000,168 | ---- | M] () -- C:\Users\Katja\defogger_reenable
[2012.02.07 17:05:43 | 000,050,477 | ---- | M] () -- C:\Users\Katja\Desktop\Defogger.exe
[2012.01.30 20:06:29 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.30 19:59:46 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.29 17:32:53 | 000,000,607 | ---- | M] () -- C:\Windows\wiso.ini
[2012.01.26 18:35:25 | 278,015,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.22 21:07:22 | 000,350,942 | ---- | M] () -- C:\Users\Katja\Desktop\Personalfachkauffrau Teil 1+ 001.jpg
[2012.01.21 23:36:02 | 000,020,992 | ---- | M] () -- C:\Users\Katja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.21 23:07:20 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Music Studio 3.lnk
[2012.01.19 13:54:07 | 000,001,203 | ---- | M] () -- C:\Users\Katja\Desktop\HP Officejet 4500 G510n-z - Verknüpfung.lnk
[2012.01.18 14:32:50 | 000,031,356 | ---- | M] () -- C:\Users\Katja\Desktop\G1203.pdf
[2012.01.18 14:32:12 | 000,445,489 | ---- | M] () -- C:\Users\Katja\Desktop\G1204_1205_1206.pdf
[2012.01.17 17:38:31 | 000,981,716 | ---- | M] () -- C:\Users\Katja\Desktop\Ernaehrung.pdf
[2012.01.14 14:08:37 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.01.14 14:08:37 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.02.12 16:14:45 | 000,201,020 | ---- | C] () -- C:\Users\Katja\Desktop\discoturm-nautica-magdeburg-2012-02-11-066.jpg
[2012.02.09 17:22:39 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.07 17:33:45 | 001,110,476 | ---- | C] () -- C:\Users\Katja\Desktop\7z920.exe
[2012.02.07 17:07:02 | 000,000,168 | ---- | C] () -- C:\Users\Katja\defogger_reenable
[2012.02.07 17:05:42 | 000,050,477 | ---- | C] () -- C:\Users\Katja\Desktop\Defogger.exe
[2012.01.30 20:06:29 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.30 19:59:46 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.22 21:07:38 | 000,350,942 | ---- | C] () -- C:\Users\Katja\Desktop\Personalfachkauffrau Teil 1+ 001.jpg
[2012.01.21 23:07:20 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Music Studio 3.lnk
[2012.01.19 13:54:07 | 000,001,203 | ---- | C] () -- C:\Users\Katja\Desktop\HP Officejet 4500 G510n-z - Verknüpfung.lnk
[2012.01.18 14:32:50 | 000,031,356 | ---- | C] () -- C:\Users\Katja\Desktop\G1203.pdf
[2012.01.18 14:32:11 | 000,445,489 | ---- | C] () -- C:\Users\Katja\Desktop\G1204_1205_1206.pdf
[2012.01.17 17:38:30 | 000,981,716 | ---- | C] () -- C:\Users\Katja\Desktop\Ernaehrung.pdf
[2012.01.14 17:41:38 | 278,015,861 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.14 14:08:37 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.01.14 14:08:37 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[2011.12.24 11:18:44 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.05 12:32:43 | 131,684,208 | ---- | C] () -- C:\Program Files (x86)\Pixelnet_Software_Setup.exe
[2011.04.01 10:09:41 | 000,241,431 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.02.12 18:18:02 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.23 16:59:09 | 000,020,992 | ---- | C] () -- C:\Users\Katja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.23 16:58:32 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.01.23 16:58:32 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E0AC77F6BD.sys
[2011.01.09 21:00:31 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.12.11 18:29:32 | 000,000,093 | ---- | C] () -- C:\Users\Katja\AppData\Local\fusioncache.dat
[2010.12.11 18:28:19 | 001,555,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.15 17:01:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.05 16:02:48 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2010.09.27 17:40:17 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010.09.26 14:31:52 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010.09.26 14:31:52 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010.09.26 14:31:52 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010.09.26 14:31:52 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010.09.26 14:31:52 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010.09.26 08:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.13 04:22:39 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.04.13 04:21:45 | 000,001,741 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.04.12 19:02:48 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.04.12 18:45:04 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.04.12 18:45:04 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010.04.12 18:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.02.11 20:20:02 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010.02.11 20:20:02 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010.02.11 20:20:02 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.06.07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
========== LOP Check ==========
[2011.04.17 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Babylon
[2011.04.17 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Bioshock
[2011.04.10 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Buhl Data Service
[2011.09.12 16:00:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Canon
[2011.01.09 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Carambis
[2011.04.24 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DAEMON Tools Lite
[2011.12.24 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon
[2011.04.29 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\GoPal Assistant
[2011.01.20 20:30:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\gtk-2.0
[2011.07.28 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze
[2011.01.20 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\MAGIX
[2011.04.24 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Merscom
[2011.08.13 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\NCH Swift Sound
[2011.12.24 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\OCS
[2011.12.24 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Opera
[2011.06.26 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\PC Suite
[2011.08.12 10:18:51 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Samsung
[2010.10.15 15:59:52 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\TuneUp Software
[2010.12.11 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Turbine
[2011.01.23 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Ulead Systems
[2010.09.24 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\WildTangentv1002
[2010.10.15 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Windows SideBar
[2011.12.05 09:14:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.05.29 20:12:15 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Adobe
[2011.04.03 16:48:57 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Apple Computer
[2010.09.24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\ATI
[2011.04.17 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Babylon
[2011.04.17 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Bioshock
[2011.04.10 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Buhl Data Service
[2011.09.12 16:00:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Canon
[2011.01.09 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Carambis
[2011.01.23 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Corel
[2010.12.16 19:10:38 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\CyberLink
[2011.04.24 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DAEMON Tools Lite
[2011.12.24 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon
[2011.11.05 15:04:56 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DivX
[2012.01.06 23:26:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\dvdcss
[2010.09.24 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Google
[2011.04.29 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\GoPal Assistant
[2011.01.20 20:30:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\gtk-2.0
[2011.07.28 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze
[2011.04.01 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\HP
[2010.09.24 15:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Identities
[2011.04.17 12:38:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\InstallShield
[2010.09.24 15:12:50 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Intel Corporation
[2010.09.24 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Macromedia
[2011.01.20 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\MAGIX
[2012.02.09 17:22:41 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Malwarebytes
[2010.02.11 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Media Center Programs
[2011.04.24 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Merscom
[2011.11.10 18:59:57 | 000,000,000 | --SD | M] -- C:\Users\Katja\AppData\Roaming\Microsoft
[2011.05.15 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Mozilla
[2011.08.13 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\NCH Swift Sound
[2011.12.24 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\OCS
[2011.12.24 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Opera
[2011.06.26 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\PC Suite
[2011.08.12 10:18:51 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Samsung
[2011.04.17 12:57:22 | 000,000,000 | RH-D | M] -- C:\Users\Katja\AppData\Roaming\SecuROM
[2012.02.12 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Skype
[2010.10.15 15:59:52 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\TuneUp Software
[2010.12.11 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Turbine
[2011.01.23 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Ulead Systems
[2011.10.13 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\vlc
[2010.09.24 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\WildTangentv1002
[2010.10.15 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Windows SideBar
[2011.01.07 21:24:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\WinRAR
[2011.04.01 10:16:24 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Yahoo!
[2011.09.12 16:01:01 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\ZoomBrowser EX
< %APPDATA%\*.exe /s >
[2011.12.24 11:18:44 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.04.29 14:40:43 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\23A0B03D-F42B-4A4D-A64C-C4E946585B5E\AutoRunCE.exe
[2011.04.29 14:40:44 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\23A0B03D-F42B-4A4D-A64C-C4E946585B5E\1\module.exe
[2011.04.29 14:41:23 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\339E641C-73A4-44D0-AD2B-816E368225DF\AutoRunCE.exe
[2011.04.29 14:41:23 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\339E641C-73A4-44D0-AD2B-816E368225DF\1\module.exe
[2011.04.29 14:41:09 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\3EEA5F55-83AB-4448-98E4-C364B6DFAEF7\AutoRunCE.exe
[2011.04.29 14:41:10 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\3EEA5F55-83AB-4448-98E4-C364B6DFAEF7\1\module.exe
[2011.04.29 14:41:15 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\4F0ACCE4-F7AE-4923-A9F4-81C028596E55\AutoRunCE.exe
[2011.04.29 14:41:15 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\4F0ACCE4-F7AE-4923-A9F4-81C028596E55\1\module.exe
[2011.04.29 14:41:29 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\6274F28B-F345-4BA9-B53C-3E2E3D25E442\AutoRunCE.exe
[2011.04.29 14:41:29 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\6274F28B-F345-4BA9-B53C-3E2E3D25E442\1\module.exe
[2011.04.29 14:40:59 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\7AF495BA-85AD-4187-B21F-E26B6897C748\AutoRunCE.exe
[2011.04.29 14:40:59 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\7AF495BA-85AD-4187-B21F-E26B6897C748\1\module.exe
[2011.04.29 14:40:48 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\8BBB19C3-9C60-44CB-8A5E-BC8BCB78AC5D\AutoRunCE.exe
[2011.04.29 14:40:48 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\8BBB19C3-9C60-44CB-8A5E-BC8BCB78AC5D\1\module.exe
[2011.04.29 14:41:05 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\92746DE9-F77D-43A9-BAB3-87E12605CE35\AutoRunCE.exe
[2011.04.29 14:41:06 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\92746DE9-F77D-43A9-BAB3-87E12605CE35\1\module.exe
[2011.04.29 14:40:53 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\98B5E998-AD01-4E0C-A3D9-CC949E946A49\AutoRunCE.exe
[2011.04.29 14:40:54 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\98B5E998-AD01-4E0C-A3D9-CC949E946A49\1\module.exe
[2011.04.29 14:41:17 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\9F7A79D6-3A06-4F78-90D0-FA897A4FD783\AutoRunCE.exe
[2011.04.29 14:41:18 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\9F7A79D6-3A06-4F78-90D0-FA897A4FD783\1\module.exe
[2011.04.29 14:41:25 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A2922E09-96FC-489E-B230-2712FFE6FE11\AutoRunCE.exe
[2011.04.29 14:41:26 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A2922E09-96FC-489E-B230-2712FFE6FE11\1\module.exe
[2011.04.29 14:40:01 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A7287F0A-05FE-408C-AB9A-5FEF470567C1\AutoRunCE.exe
[2011.04.29 14:40:16 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A7287F0A-05FE-408C-AB9A-5FEF470567C1\1\module.exe
[2011.04.29 14:40:36 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\AD8325DB-A2BE-4F60-A78D-AB1748B0D4FA\AutoRunCE.exe
[2011.04.29 14:40:38 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\AD8325DB-A2BE-4F60-A78D-AB1748B0D4FA\1\module.exe
[2011.04.29 14:41:07 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\B77505EF-1AFD-46B9-B08A-036EF94F9AF4\AutoRunCE.exe
[2011.04.29 14:41:07 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\B77505EF-1AFD-46B9-B08A-036EF94F9AF4\1\module.exe
[2011.04.29 14:40:29 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\C31A8510-F49E-4961-A54B-F33A1BD80AFF\AutoRunCE.exe
[2011.04.29 14:40:30 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\C31A8510-F49E-4961-A54B-F33A1BD80AFF\1\module.exe
[2011.04.29 14:40:22 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\D14E9445-4543-4301-8AE3-CC56BC8D443D\AutoRunCE.exe
[2011.04.29 14:40:24 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\D14E9445-4543-4301-8AE3-CC56BC8D443D\1\module.exe
[2011.04.29 14:41:20 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\E57937F2-41B4-4D3C-B65A-D4A66F85A852\AutoRunCE.exe
[2011.04.29 14:41:21 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\E57937F2-41B4-4D3C-B65A-D4A66F85A852\1\module.exe
[2011.04.29 14:41:03 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\F504E7FB-12D2-4F6E-94B7-01FBA1B1985E\AutoRunCE.exe
[2011.04.29 14:41:04 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\F504E7FB-12D2-4F6E-94B7-01FBA1B1985E\1\module.exe
[2011.04.29 14:41:12 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\FDDB8B34-B577-41FB-98B9-AAC9D2A5FA75\AutoRunCE.exe
[2011.04.29 14:41:13 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\FDDB8B34-B577-41FB-98B9-AAC9D2A5FA75\1\module.exe
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2011.12.24 11:12:06 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Katja\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.12.24 11:12:06 | 000,040,960 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.08.12 11:20:13 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\Katja\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe
< %SYSTEMDRIVE%\*.exe >
[2011.12.23 23:12:52 | 003,818,944 | ---- | M] (Smart Projects ) -- C:\isobuster_all_lang.exe
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2010.12.21 06:36:16 | 001,236,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msxml3.dll
[2009.07.14 02:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\scrrun.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< >
< End of report > LG
Katja |