Trojaner-Board - HTML/Infected.WebPage.Gen2 meldet Antivir

Hallo Kira,

vielen Dank für die schnelle Antwort, ich werde alle Infos, so schnell es mir möglich ist, nachliefern.

Hier die installierten Programme von CCleaner:

Code:

Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        12.04.2012        6,00MB        11.2.202.233

Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        13.04.2012        6,00MB        11.2.202.233

Avira Free Antivirus        Avira        14.02.2012        104,9MB        12.0.0.898

CCleaner        Piriform        18.04.2012                3.17

Cool & Quiet                19.11.2011                

CPUID CPU-Z 1.60                13.04.2012        3,34MB        

DivX Setup        DivX, LLC        18.12.2011                2.6.1.3

ESET Online Scanner v3                18.04.2012                

Google Chrome        Google Inc.        09.08.2011                19.0.1084.30

Heroes of Newerth        S2 Games        12.08.2011                2.0.33

Hi-Rez Studios Authenticate and Update Service        Hi-Rez Studios        11.04.2012                3.0.0.0

HWiNFO64 Version 3.94        Martin Malík - REALiX        12.04.2012        6,52MB        3.94

Java(TM) 6 Update 31        Oracle        07.04.2012        95,1MB        6.0.310

JDownloader 0.9        AppWork GmbH        26.07.2011                0.9

M-Audio Delta 6.0.8 (x64)        M-Audio        16.03.2012        3,79MB        6.0.8

MAGIX Screenshare        MAGIX AG        09.06.2011        1,43MB        4.3.6.1987

MAGIX Speed 2 (MSI)        MAGIX AG        09.06.2011        57,2MB        6.0.1.2

Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        18.04.2012        18,0MB        1.61.0.1400

marvell 61xx        Marvell        26.02.2011                1.2.0.69

Maxthon 3        Maxthon International Limited        23.01.2012                

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        18.11.2011        38,8MB        4.0.30319

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        18.11.2011        2,94MB        4.0.30319

Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        20.07.2011        31,3MB        3.5.88.0

Microsoft Games for Windows Marketplace        Microsoft Corporation        20.07.2011        6,04MB        3.5.50.0

Microsoft Silverlight        Microsoft Corporation        15.02.2012        168,5MB        4.1.10111.0

Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        13.12.2011        1,70MB        3.1.0000

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0,29MB        8.0.59193

Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        25.02.2011        0,61MB        8.0.61000

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        22.04.2011        0,57MB        8.0.51011

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        22.04.2011        0,77MB        9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        22.04.2011        0,58MB        9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        14.01.2012        0,25MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        25.02.2011        0,77MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,77MB        9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        25.02.2011        1,42MB        9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411        Microsoft Corporation        31.07.2011        1,46MB        9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        30.08.2011        0,22MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        02.09.2011        0,22MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        25.02.2011        0,58MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,59MB        9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        16.10.2011        20,6MB        10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        09.08.2011        15,0MB        10.0.40219

Microsoft XNA Framework Redistributable 3.1        Microsoft Corporation        20.09.2011        7,55MB        3.1.10527.0

Mozilla Firefox 11.0 (x86 de)        Mozilla        14.03.2012        36,1MB        11.0

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.07.2011        1,28MB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        12.07.2011        1,39MB        4.20.9876.0

NVIDIA Grafiktreiber 296.10        NVIDIA Corporation        12.03.2012                296.10

NVIDIA HD-Audiotreiber 1.3.12.0        NVIDIA Corporation        12.03.2012                1.3.12.0

NVIDIA PhysX-Systemsoftware 9.12.0213        NVIDIA Corporation        12.03.2012                9.12.0213

OpenAL                14.04.2012                

PantsOff 2.0        Christoph Bünger Software        31.10.2011                2.0

Path of Exile        Grinding Gear Games        14.04.2012        11,1MB        0.9.8.16065

QuickTime        Apple Inc.        05.11.2011        73,3MB        7.71.80.42                11.0.0.0

Skype™ 5.8        Skype Technologies S.A.        07.04.2012        19,0MB        5.8.158

SpeedFan (remove only)                10.11.2011                

Spybot - Search & Destroy        Safer Networking Limited        25.04.2011                1.6.2

Steam        Valve Corporation        01.06.2011        1,59MB        1.0.0.0

System Requirements Lab CYRI        Husdawg, LLC        18.04.2012        0,45MB        4.5.1.0

System Requirements Lab for Intel        Husdawg, LLC        13.04.2012        0,75MB        4.5.5.0

TeamSpeak 3 Client        TeamSpeak Systems GmbH        26.02.2011                

TeamViewer 7        TeamViewer        12.04.2012                7.0.12979

Timewave Calculator        Time Travel Inc.        26.12.2011                

TP-LINK Wireless Client Utility        TP-LINK        17.01.2012                2.0

Tribes Ascend        Hi-Rez Studios        11.04.2012                1.0.905.1

Trillian        Cerulean Studios, LLC        04.11.2011                        12.0.3500.13

Windows Live Essentials        Microsoft Corporation        13.04.2012                15.4.3555.0308

Windows Media Player Firefox Plugin        Microsoft Corp        16.01.2012        0,29MB        1.0.0.8

WinRAR 4.01 (64-Bit)        win.rar GmbH        10.08.2011                4.01.0

ZOTAC FireStorm                26.02.2011

OTL normal

Code:

OTL logfile created on: 19.04.2012 16:47:20 - Run 1

OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\***\awc_***\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,10% Memory free

14,00 Gb Paging File | 11,71 Gb Available in Paging File | 83,65% Paging File free

Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,51 Gb Total Space | 701,21 Gb Free Space | 75,28% Space Free | Partition Type: NTFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\awc_***\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Windows\SysWOW64\DeltaIITray.exe ()

PRC - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSLAUNCH.EXE (F-Secure Corporation)

PRC - c:\program files (x86)\trillian\plugins\skypekit.exe ()

PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\SysWOW64\DeltaIITray.exe ()

MOD - c:\program files (x86)\trillian\plugins\skypekit.exe ()

MOD - C:\Program Files (x86)\Trillian\libspeex.dll ()

MOD - C:\Program Files (x86)\Trillian\libpng15.dll ()

MOD - C:\Program Files (x86)\Trillian\libungif.dll ()

MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()

MOD - c:\program files (x86)\trillian\languages\en\buddy.dll ()

MOD - c:\program files (x86)\trillian\languages\en\talk.dll ()

MOD - c:\program files (x86)\trillian\languages\en\trillian.dll ()

MOD - c:\program files (x86)\trillian\languages\en\events.dll ()

MOD - c:\program files (x86)\trillian\languages\en\toolkit.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (DELTAII) Service for M-Audio Delta Driver (WDM) -- C:\Windows\SysNative\drivers\MAudioDelta.sys (Avid Technology, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)

DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)

DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)

DRV:64bit: - (arusb_win7x) -- C:\Windows\SysNative\drivers\arusb_win7x.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\69E5.tmp (Sophos Plc)

DRV:64bit: - (FXUSBASE) -- C:\Windows\SysNative\drivers\fxusbase.sys (AVM Berlin)

DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH)

DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)

DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)

DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)

DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)

DRV - (HWiNFO32) -- C:\Programme\HWiNFO64\HWiNFO64A.SYS (REALiX(tm))

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 C7 B8 67 9B E4 CB 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.tepela.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=pxCSpChA

IE - HKCU\..\SearchScopes\{57F65DD1-81C4-4203-ABB2-A174760C8461}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=dd990f0d-6ffd-4c2a-be73-17f4191d74f2&apn_sauid=E65AD59B-F911-422C-AF25-D558E3A1EBA4&

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..network.proxy.ftp: "184.58.38.65"

FF - prefs.js..network.proxy.http: "184.106.168.253:80"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.socks: "67.191.152.81 "

FF - prefs.js..network.proxy.socks_port: 1830

FF - prefs.js..network.proxy.ssl: "184.58.38.65"

FF - prefs.js..network.proxy.type: 4

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 16:20:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.15 14:03:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.19 12:26:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\***\AppData\Roaming\IDM\idmmzcc5

 

[2011.02.27 01:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2012.04.14 02:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions

[2011.04.25 18:47:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.03.24 11:53:24 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}

[2011.07.23 14:45:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

[2012.03.28 23:55:14 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\cacaoweb@cacaoweb.org

[2011.11.17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\askcom.xml

[2011.03.16 20:31:17 | 000,002,198 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\google-search.xml

[2012.04.18 11:46:08 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\icqplugin-1.xml

[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\icqplugin.xml

[2012.04.08 01:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.04.08 01:46:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI

[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.04.08 01:45:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.30\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.30\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.30\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\

CHR - Extension: Angry Birds = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: Session Manager = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\

CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\

CHR - Extension: TinEye Reverse Image Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\

CHR - Extension: Timer = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\khkndikhbnfgibpkpdgdnmdlcfpkichc\1.3_0\

CHR - Extension: Little Alchemy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\

CHR - Extension: Nik Daum = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmkmldnjgfdccdgolepaifdniikpejma\2_0\

CHR - Extension: Google Dictionary (by Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.11_0\

CHR - Extension: Pocket Legends = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\1.7.5.3_0\

CHR - Extension: Google Mail Checker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Connected Mind = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc\1.1.5_0\

 

O1 HOSTS File: ([2012.03.19 16:43:58 | 000,440,678 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 15173 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found

O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{919CA3F9-C138-431A-9882-49E391217ABA}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.19 16:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.04.19 12:33:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F97151B6-C15C-46A6-9060-7EAE240C79C3}

[2012.04.19 12:33:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{27DBF578-C391-4F85-81F7-36F6F31F5BEA}

[2012.04.19 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.04.19 12:09:07 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89263660.sys

[2012.04.19 12:09:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012.04.19 12:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.19 12:04:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.04.19 11:39:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012.04.19 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{063FDBBC-0155-47B9-9B69-EDA831C42C6E}

[2012.04.19 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5E276D00-1A86-4FD0-AE26-6F87829B0B0F}

[2012.04.18 23:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg

[2012.04.18 12:00:54 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F8EF2ABD-277F-4028-946E-A577D15E5114}

[2012.04.18 12:00:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{04368897-ED2C-452E-8E5D-F38DD7B97311}

[2012.04.18 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{262631B2-9E3F-41EE-A1AC-9217430B12A6}

[2012.04.17 23:59:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{87798669-6205-45F7-9DE8-B5B1E8AD2856}

[2012.04.17 15:11:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012.04.17 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{95A8D1CA-E3FA-4212-933D-CE736338B9BD}

[2012.04.17 11:58:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FA49D5E4-A201-43BD-93B4-291E503BAEB6}

[2012.04.16 23:58:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D9AE958-8366-46B3-9DD7-642DBDA3AB25}

[2012.04.16 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{81C72D88-C36A-4361-A645-2C4EF4F96F0F}

[2012.04.16 11:57:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{25BBEAEC-0EFD-4F96-8ECA-6B536BE88BCE}

[2012.04.16 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D9CAEED7-6ACF-443D-801F-59B12859DE3C}

[2012.04.16 00:38:16 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\GaiaMachina

[2012.04.15 23:56:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{7EC193CB-6C08-4A83-B873-4CE5F797B17C}

[2012.04.15 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A8B09E70-71E1-4B63-9AAE-70811D6653E0}

[2012.04.15 20:45:48 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012.04.15 20:45:48 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012.04.15 20:45:48 | 000,133,632 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2012.04.15 20:45:48 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2012.04.15 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2012.04.15 20:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games

[2012.04.15 20:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games

[2012.04.15 11:56:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F75CAB67-1706-4C00-B357-4908932F6BDD}

[2012.04.15 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F10E97FA-ED03-41FB-9E97-D47194345A14}

[2012.04.14 23:55:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E4E2E912-2CE8-4DEF-AB43-91F637591325}

[2012.04.14 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9A45173C-D124-4D72-B47F-052416D65329}

[2012.04.14 11:54:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{51BF5AC6-FCEA-4C1C-987A-59640B5B80B3}

[2012.04.14 11:54:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{97E873B6-CE46-4BC1-A8AB-7D2E4553953F}

[2012.04.14 02:49:42 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys

[2012.04.14 02:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

[2012.04.14 02:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2012.04.14 02:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2012.04.13 23:53:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A09F1F6E-0D89-4723-9E98-E669EF1A48D2}

[2012.04.13 23:53:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{7EE96697-7DD9-47A9-A890-9FDBE024DE91}

[2012.04.13 19:33:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TeamViewer

[2012.04.13 18:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2012.04.13 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64

[2012.04.13 15:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64

[2012.04.13 11:52:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{46986B76-F4EB-4D0D-A39A-B1D5ED185BE1}

[2012.04.13 11:52:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{592354DB-6FAA-4153-826C-362226A153E3}

[2012.04.13 11:51:11 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012.04.13 11:50:40 | 000,000,000 | ---D | C] -- C:\Windows\de

[2012.04.13 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012.04.13 11:41:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B4C0C2CB-16BD-497F-808F-41646A5614B5}

[2012.04.12 23:40:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{00D7D815-33CB-4A8C-AA2D-59DB5502104D}

[2012.04.12 23:34:37 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\*\Desktop\procexp.exe

[2012.04.12 21:55:07 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.12 21:24:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.04.12 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios

[2012.04.12 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios

[2012.04.12 17:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios

[2012.04.12 11:39:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{99C37F54-8615-451C-BEEA-7B06DE2211CB}

[2012.04.11 23:39:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0A8B169E-DC78-4AD3-B920-DFEC9906FDD2}

[2012.04.11 21:31:56 | 003,993,576 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des

[2012.04.11 21:31:49 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys

[2012.04.11 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared

[2012.04.11 20:28:06 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012.04.11 20:28:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012.04.11 20:28:06 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012.04.11 20:26:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012.04.11 20:26:36 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012.04.11 20:26:35 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012.04.11 20:25:45 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.04.11 20:25:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.04.11 20:25:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.04.11 20:25:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.04.11 20:25:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.04.11 20:25:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.04.11 20:25:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.04.11 11:38:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5E58F638-1901-4F3D-B6C2-72A9C887F51F}

[2012.04.10 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3B58B1AA-3818-4231-8179-401DFEFC9F4D}

[2012.04.10 11:29:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1266F8D2-ED09-4CE8-95E8-29144A9D6E80}

[2012.04.09 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1658D8A0-938A-4B38-90D5-2CAD6BCFF066}

[2012.04.09 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A5735F8E-16C8-4792-AF87-D68DDE3B2427}

[2012.04.08 13:34:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6DDC8B4B-1EEE-4D72-96C9-0AD21374EC12}

[2012.04.08 01:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.04.08 01:46:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012.04.08 01:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012.04.08 01:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012.04.08 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BAF2E003-BC3B-4376-A625-C655CBCD9F31}

[2012.04.07 13:19:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FA671320-2524-4D43-8767-B29E69724657}

[2012.04.07 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2BD297B0-F4CF-403B-85AD-F5BE18686809}

[2012.04.06 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{76E904C0-4EE5-457C-8170-4FB2E36F831B}

[2012.04.06 00:41:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{561CEC4A-71AD-4A31-9312-319F1B4E580A}

[2012.04.05 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{78F7DDB0-43EC-4724-837B-54451463E092}

[2012.04.05 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{03AAAD0C-53A6-44F3-81A7-C40AC1DD5501}

[2012.04.04 15:06:25 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\beh

[2012.04.04 12:00:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{063C53A3-B296-4A13-AA1C-0AAD213B22E6}

[2012.04.03 23:47:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2D73F493-25A2-467D-ADAA-84BF1C1D1E56}

[2012.04.03 18:27:15 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Neuer Ordner

[2012.04.03 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{CCD59EB0-49A1-4DBE-8D14-39CFA8322E9D}

[2012.04.02 14:59:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6CF3AF00-78B6-44D7-A6F7-6AD3C0DCD78C}

[2012.04.02 01:29:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{72A50365-78BA-455B-9F1D-9F725B83BDE7}

[2012.04.01 11:28:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{787D1099-AF38-4E65-A8A7-29A3654877AE}

[2012.03.31 23:28:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F3ABD55F-867F-487E-A365-6077E53EC51D}

[2012.03.31 11:27:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0EF3E41F-CED2-4804-8707-6432CC587A9C}

[2012.03.30 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{EBFF16E4-5A27-498F-9FBC-34AA19B646ED}

[2012.03.30 10:34:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FEBFC2AF-8A2A-4665-AAB2-4259012FCE01}

[2012.03.29 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0D04ABF7-D356-4850-B6F1-AE52D5F33AEB}

[2012.03.29 05:29:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{EBE059D3-48CD-4425-9108-F3E6BF39B2DD}

[2012.03.28 16:42:09 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{20953C6F-1F30-42DD-97B1-DD9BF8A8542B}

[2012.03.28 16:41:46 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1A85413B-438A-46A1-BFBC-1A10496DA5F2}

[2012.03.27 23:58:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{96D1F40F-14D0-4A4F-B874-8CC1CE54D4F8}

[2012.03.27 23:58:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E7C66D10-8241-4BDD-81C3-1A2420377C09}

[2012.03.27 10:58:59 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{87BA0DCF-4B50-4534-B3CD-60B20605B3B3}

[2012.03.27 10:58:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0EC87842-E126-4BB3-AEA8-36DC45D2783A}

[2012.03.26 14:25:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{13961169-CAD4-4767-ACC0-AC9B380BC8F1}

[2012.03.26 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2D42F454-D18C-484D-857D-0EDB18D8D450}

[2012.03.26 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{524D5408-5477-4658-BD54-659CF3AEAD95}

[2012.03.25 16:52:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B8D0A01E-33AD-4941-855D-60526C926770}

[2012.03.25 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6A7DF72F-C2EE-4217-A698-BA1DFE016B88}

[2012.03.25 14:12:55 | 000,532,480 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\drivers\PAC7302.SYS

[2012.03.25 14:12:55 | 000,141,824 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysWow64\SP7302.AX

[2012.03.25 14:12:55 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\AMCap.exe

[2012.03.25 14:12:55 | 000,008,704 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\CoInst.dll

[2012.03.25 14:12:54 | 000,000,000 | ---D | C] -- C:\Windows\Pixart

[2012.03.25 03:17:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D41DF2CB-BB63-43C9-878C-7671B7534062}

[2012.03.25 03:17:29 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A9E41C2D-91C2-4C78-9023-C8F7E62067E6}

[2012.03.24 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A4812894-97C8-4561-907C-0EF242BEFAE8}

[2012.03.24 15:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8AABCBD9-A138-41FD-AC9A-8CD1150845AA}

[2012.03.24 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{240789B6-0A91-4296-83FE-53AC51A28056}

[2012.03.24 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2E3AAC33-F1E0-4903-B1EF-D630BE5C2C3E}

[2012.03.23 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9BE931B5-E1C1-4BF7-806E-00A844D2A83F}

[2012.03.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{68BF5D3C-7931-4416-9E6A-407F087A013A}

[2012.03.22 15:23:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{178B9A57-E153-4CDC-B165-49606336DCA6}

[2012.03.22 15:23:01 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{4182FD70-04A4-49A7-82D7-6F37B71EC325}

[2012.03.22 02:59:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A0E1C79C-730E-4BC7-A7F9-BB808543BBD2}

[2012.03.22 02:58:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9EBD3D06-95F2-4C74-B26E-E83BB54F547F}

[2012.03.21 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9A1E30D7-1DFD-4CA3-B4CD-6040D6E29694}

[2012.03.21 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{4BFCD0AC-2BD9-4198-867F-816E793DF1DA}

[2012.03.21 02:57:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B4954074-2C20-4E36-93CC-ED9C902E7EB8}

[2012.03.21 02:57:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BBC01D8E-7A2F-441E-892E-DE61B8D4F12C}

[2012.03.20 19:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2012.03.20 19:35:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Origin

[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.19 16:55:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.19 16:33:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000UA.job

[2012.04.19 12:09:07 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89263660.sys

[2012.04.19 12:03:16 | 000,013,536 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.19 12:03:16 | 000,013,536 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.19 12:02:53 | 000,042,672 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2012.04.19 12:00:46 | 001,507,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.04.19 12:00:46 | 000,658,700 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.04.19 12:00:46 | 000,619,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.04.19 12:00:46 | 000,131,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.04.19 12:00:46 | 000,108,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.04.19 11:55:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.19 11:55:42 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.19 11:38:27 | 001,536,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.04.19 11:38:06 | 000,019,552 | ---- | M] () -- C:\Windows\prodsett_copy.ini

[2012.04.18 17:33:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000Core.job

[2012.04.18 16:55:15 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2012.04.17 08:23:20 | 000,001,291 | ---- | M] () -- C:\Users\***\Desktop\150-McKennaUFOs.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,245 | ---- | M] () -- C:\Users\***\Desktop\02 - Closet.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,174 | ---- | M] () -- C:\Users\***\Desktop\DSC01609.JPG - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,085 | ---- | M] () -- C:\Users\***\Desktop\DotHacker - Eye Opener.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,017 | ---- | M] () -- C:\Users\***\Desktop\avfgdb jhm.jpg - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,003 | ---- | M] () -- C:\Users\***\Desktop\Trillian.jpg - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,999 | ---- | M] () -- C:\Users\***\Desktop\g6kssfib.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,979 | ---- | M] () -- C:\Users\***\Desktop\Avatar.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,951 | ---- | M] () -- C:\Users\***\Desktop\True Hallucinations (Audio Book) - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,720 | ---- | M] () -- C:\Users\***\Desktop\Scanner - Verknüpfung.lnk

[2012.04.15 20:45:48 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012.04.15 20:45:48 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012.04.15 20:45:48 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2012.04.15 20:45:48 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2012.04.15 20:45:48 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk

[2012.04.14 15:11:31 | 000,007,589 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg

[2012.04.14 00:55:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.04.14 00:55:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.04.14 00:55:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.13 18:58:50 | 000,317,902 | ---- | M] () -- C:\Users\***\Desktop\Trillian.jpg

[2012.04.13 18:52:07 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012.04.12 22:19:57 | 000,089,812 | ---- | M] () -- C:\Users\***\Desktop\323173_102456616530503_100002984949595_16803_864429181_o.jpg

[2012.04.12 17:41:00 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk

[2012.04.12 01:18:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

[2012.04.10 14:32:41 | 000,749,663 | ---- | M] () -- C:\Users\***\Desktop\lalalalal.png

[2012.04.09 15:54:33 | 000,103,902 | ---- | M] () -- C:\Users\***\Desktop\g6kssfib.png

[2012.04.08 14:08:26 | 000,744,830 | ---- | M] () -- C:\Users\***\Desktop\qweqweew.jpg

[2012.04.08 01:45:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012.04.08 01:45:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012.04.08 01:45:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012.04.08 01:45:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012.04.05 12:34:28 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2012.04.05 12:34:26 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2012.04.05 12:34:26 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2012.04.05 12:34:24 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll

[2012.04.05 12:34:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll

[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.04.02 16:41:44 | 000,067,261 | ---- | M] () -- C:\Users\***\Desktop\$(KGrHqZ,!ngE9jTwwwylBPeMB!hzyQ~~48_20.jpg

[2012.04.02 10:49:33 | 1179,728,232 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.03.25 14:16:04 | 000,921,636 | ---- | M] () -- C:\PA7302.DAT

[2012.03.23 18:45:11 | 000,000,000 | ---- | M] () -- C:\Users\****\Documents\ts3_clientui-win64-1329301801-2012-03-23 17_45_11.459092.dmp

[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.19 12:02:53 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2012.04.19 11:38:06 | 000,019,552 | ---- | C] () -- C:\Windows\prodsett_copy.ini

[2012.04.17 08:23:20 | 000,001,291 | ---- | C] () -- C:\Users\*\Desktop\150-McKennaUFOs.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,245 | ---- | C] () -- C:\Users\*\Desktop\02 - Closet.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,174 | ---- | C] () -- C:\Users\*\Desktop\DSC01609.JPG - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,085 | ---- | C] () -- C:\Users\*\Desktop\DotHacker - Eye Opener.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,017 | ---- | C] () -- C:\Users\*\Desktop\avfgdb jhm.jpg - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,003 | ---- | C] () -- C:\Users\*\Desktop\Trillian.jpg - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,999 | ---- | C] () -- C:\Users\*\Desktop\g6kssfib.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,979 | ---- | C] () -- C:\Users\*\Desktop\Avatar.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,951 | ---- | C] () -- C:\Users\*\Desktop\True Hallucinations (Audio Book) - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,944 | ---- | C] () -- C:\Users\*\Desktop\gw2.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,913 | ---- | C] () -- C:\Users\*\Desktop\CPUID CPU-Z.lnk

[2012.04.17 08:23:20 | 000,000,720 | ---- | C] () -- C:\Users\*\Desktop\Scanner - Verknüpfung.lnk

[2012.04.15 20:45:48 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk

[2012.04.14 02:49:42 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2012.04.13 18:58:50 | 000,317,902 | ---- | C] () -- C:\Users\*\Desktop\Trillian.jpg

[2012.04.13 18:52:07 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk

[2012.04.13 18:52:07 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012.04.12 22:20:01 | 000,089,812 | ---- | C] () -- C:\Users\*\Desktop\323173_102456616530503_100002984949595_16803_864429181_o.jpg

[2012.04.12 21:24:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.12 17:41:00 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk

[2012.04.11 21:31:49 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd

[2012.04.10 14:32:27 | 000,749,663 | ---- | C] () -- C:\Users\*\Desktop\lalalalal.png

[2012.04.08 14:07:57 | 000,744,830 | ---- | C] () -- C:\Users\*\Desktop\qweqweew.jpg

[2012.04.02 16:41:44 | 000,067,261 | ---- | C] () -- C:\Users\*\Desktop\$(KGrHqZ,!ngE9jTwwwylBPeMB!hzyQ~~48_20.jpg

[2012.04.02 10:49:33 | 1179,728,232 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012.03.25 14:15:14 | 000,921,636 | ---- | C] () -- C:\PA7302.DAT

[2012.03.25 14:12:55 | 000,000,868 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI

[2012.03.23 18:45:11 | 000,000,000 | ---- | C] () -- C:\Users\*\Documents\ts3_clientui-win64-1329301801-2012-03-23 17_45_11.459092.dmp

[2012.01.25 19:33:06 | 000,237,872 | ---- | C] () -- C:\Windows\SysWow64\DeltaIITray.exe

[2011.11.15 03:42:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll

[2011.11.14 02:49:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011.11.14 02:49:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011.11.14 02:49:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.11.14 02:49:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.11.14 02:49:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.11.10 15:25:12 | 000,182,222 | ---- | C] () -- C:\ProgramData\1320930928.bdinstall.bin

[2011.11.03 22:04:49 | 000,102,248 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.10.23 12:19:31 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll

[2011.10.17 04:44:40 | 000,237,956 | ---- | C] () -- C:\ProgramData\1318819109.bdinstall.bin

[2011.10.17 03:43:48 | 000,643,821 | ---- | C] () -- C:\ProgramData\1318808714.bdinstall.bin

[2011.10.17 00:02:34 | 000,000,502 | ---- | C] () -- C:\ProgramData\1318802548.bdinstall.bin

[2011.10.13 04:43:40 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.10.06 02:27:52 | 000,017,408 | ---- | C] () -- C:\Users\*\AppData\Local\WebpageIcons.db

[2011.09.22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.09.03 14:17:10 | 000,000,600 | ---- | C] () -- C:\Users\*\AppData\Roaming\winscp.rnd

[2011.06.10 18:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat

[2011.06.10 14:34:37 | 000,000,049 | ---- | C] () -- C:\Windows\SamControlpanel95.INI

[2011.04.25 18:52:22 | 000,000,336 | ---- | C] () -- C:\ProgramData\44228360

[2011.04.25 18:36:00 | 000,007,589 | ---- | C] () -- C:\Users\*\AppData\Local\resmon.resmoncfg

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.04.03 02:04:51 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011.03.22 03:37:08 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat

[2011.03.02 20:49:06 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011.02.27 20:53:09 | 001,536,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.02.27 08:08:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011.02.27 07:58:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2011.02.27 07:58:47 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.02.27 01:28:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011.02.26 22:44:22 | 000,000,015 | ---- | C] () -- C:\Windows\Firestorm.INI

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:07BF512B
 

< End of report >

OTL Extras

Code:

OTL Extras logfile created on: 19.04.2012 16:47:20 - Run 1

OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\*\awc_*\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,10% Memory free

14,00 Gb Paging File | 11,71 Gb Available in Paging File | 83,65% Paging File free

Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,51 Gb Total Space | 701,21 Gb Free Space | 75,28% Space Free | Partition Type: NTFS

 

Computer Name: *-PC | User Name: * | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = Opera.HTML] -- Reg Error: Key error. File not found

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

"DisableUnicastResponsesToMulticastBroadcast" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{16B2C43D-6C49-4A56-957D-E40CEAA2AC06}" = M-Audio Delta 6.0.8 (x64)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60

"HWiNFO64_is1" = HWiNFO64 Version 3.94

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR 4.01 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{10874B32-2DB2-4F64-8A27-E3F6AEBA299C}" = MAGIX Speed 2 (MSI)

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{3119E2E5-B9F4-4448-BE71-4EFF3FF183C5}" = Path of Exile

"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend

"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City

"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV

"{55F6EB79-CAA0-49EF-9C90-5FCE827D5570}" = MAGIX Screenshare

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{5DD152A8-BFB3-439E-90CD-5C00C2116E23}" = AmpliTube 3

"{5EF44D3A-E86E-434C-8418-71E277C565DF}" = TP-LINK Wireless Client Utility

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8316191F-EC8D-4E18-B7A8-ED61CEB061C9}" = Samplitude 11 Producer Download Version

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1489-3350-5074-6281" = JDownloader 0.9

"Avira AntiVir Desktop" = Avira Free Antivirus

"DivX Setup" = DivX Setup

"ESET Online Scanner" = ESET Online Scanner v3

"hon" = Heroes of Newerth

"MAGIX_MSI_samplitude_11_producer" = Samplitude 11 Producer Download Version

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Maxthon3" = Maxthon 3

"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)

"mv61xxDriver" = marvell 61xx

"OpenAL" = OpenAL

"SpeedFan" = SpeedFan (remove only)

"TeamViewer 7" = TeamViewer 7

"Trillian" = Trillian

"TuneUp Utilities 2012" = TuneUp Utilities 2012

"WinLiveSuite" = Windows Live Essentials

"ZOTAC FireStorm" = ZOTAC FireStorm

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Timewave Calculator" = Timewave Calculator

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 11.04.2012 23:04:28 | Computer Name = *-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der

 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 11.04.2012 23:40:49 | Computer Name = *-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,

 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004ad14

ID

 des fehlerhaften Prozesses: 0x11a0  Startzeit der fehlerhaften Anwendung: 0x01cd162b5fd49594

Pfad

 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften

 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 4b12e5c8-8451-11e1-bdbe-485b39c043ec

 

Error - 12.04.2012 20:16:25 | Computer Name = *-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der

 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 13.04.2012 20:47:17 | Computer Name = *-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: ChipUtil.exe, Version: 0.6.0.0, Zeitstempel:

 0x4d4c5fa1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:

 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000003  ID des fehlerhaften Prozesses:

 0x3d0  Startzeit der fehlerhaften Anwendung: 0x01cd19d821bacb27  Pfad der fehlerhaften

 Anwendung: C:\Users\*\awc_*\Downloads\ChipUtil.exe  Pfad des fehlerhaften

 Moduls: unknown  Berichtskennung: 61d3e806-85cb-11e1-9bd4-485b39c043ec

 

Error - 13.04.2012 20:47:23 | Computer Name = *-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: ChipUtil.exe, Version: 0.6.0.0, Zeitstempel:

 0x4d4c5fa1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:

 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000003  ID des fehlerhaften Prozesses:

 0x538  Startzeit der fehlerhaften Anwendung: 0x01cd19d826f01e70  Pfad der fehlerhaften

 Anwendung: C:\Users\*\awc_*\Downloads\ChipUtil.exe  Pfad des fehlerhaften

 Moduls: unknown  Berichtskennung: 65c1d252-85cb-11e1-9bd4-485b39c043ec

 

Error - 13.04.2012 23:56:33 | Computer Name = *-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der

 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 14.04.2012 23:12:03 | Computer Name = *-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der

 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 15.04.2012 22:17:10 | Computer Name = *-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der

 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 16.04.2012 21:46:32 | Computer Name = *-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der

 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 18.04.2012 21:50:56 | Computer Name = *-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der

 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

[ System Events ]

Error - 13.04.2012 20:47:22 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "PCI Utility" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 13.04.2012 20:47:22 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "PCI Utility" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%577

 

Error - 14.04.2012 09:02:29 | Computer Name = *-PC | Source = Service Control Manager | ID = 7034

Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 18.04.2012 18:50:23 | Computer Name = *-PC | Source = Service Control Manager | ID = 7034

Description = Dienst "Arp Intelligent Protection Service" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 19.04.2012 05:36:23 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Arp Intelligent Protection Service" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 19.04.2012 05:43:34 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Arp Intelligent Protection Service" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 19.04.2012 05:44:06 | Computer Name = *-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Hi-Rez Studios Authenticate and Update Service erreicht.

 

Error - 19.04.2012 05:46:37 | Computer Name = *-PC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243

 

Error - 19.04.2012 05:55:49 | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Arp Intelligent Protection Service" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 19.04.2012 06:02:41 | Computer Name = *-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

 

< End of report >

Hallo wieder,

danke schon mal für die Arbeit und für die Hinweise.
Um das etwas abzukürzen: Bis Punkt 7 habe ich alles verstanden und die anderen Einträge sind okay, die kann ich bestätigen.

Hier der OTL Log:

Code:

All processes killed

========== OTL ==========

Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E :invalid edit format. No such root key.

64bit-Registry key Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E :invalid edit format. No such root key.

Registry key Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E :invalid edit format. No such root key.

Registry key Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key Software\Microsoft\Internet Explorer\SearchScopes\{57F65DD1-81C4-4203-ABB2-A174760C8461}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57F65DD1-81C4-4203-ABB2-A174760C8461}\ not found.

Registry key Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Users\*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Users\*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.

C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\askcom.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000UA.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987780610-3538441487-330058490-1000Core.job moved successfully.

ADS C:\ProgramData\TEMP:07BF512B deleted successfully.

========== FILES ==========
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\*\awc_*\Downloads\cmd.bat deleted successfully.

C:\Users\*\awc_*\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: *

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 231362025 bytes

->Java cache emptied: 425234266 bytes

->FireFox cache emptied: 1265377965 bytes

->Google Chrome cache emptied: 440273317 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 172937 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 4 bytes

%systemroot% .tmp files removed: 155648 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 280925 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 736 bytes

RecycleBin emptied: 6634525 bytes

 

Total Files Cleaned = 2.260,00 mb

 

 

OTL by OldTimer - Version 3.2.40.0 log created on 04202012_114025
 

Files\Folders moved on Reboot...

C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.

C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.

C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.

C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.

C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.

C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\data_5 moved successfully.

C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
 

Registry entries deleted on Reboot...

Hier der Superantispywarelog:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 04/20/2012 at 12:30 PM
 

Application Version : 5.0.1146
 

Core Rules Database Version : 8486

Trace Rules Database Version: 6298
 

Scan type       : Complete Scan

Total Scan Time : 00:33:25
 

Operating System Information

Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 528

Memory threats detected   : 0

Registry items scanned    : 65143

Registry threats detected : 0

File items scanned        : 55160

File threats detected     : 1
 

Trojan.Agent/Gen-MSFake

        C:\USERS\*\APPDATA\ROAMING\DESKTOPICONFORAMAZON\ICONFORAMAZON.EXE

9. wird bald nachgeliefert.

Hier der OTL Log, diesmal kein Extra dabei:

Code:

OTL logfile created on: 20.04.2012 14:55:11 - Run 2

OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\*\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 4,26 Gb Available Physical Memory | 53,32% Memory free

14,00 Gb Paging File | 9,86 Gb Available in Paging File | 70,45% Paging File free

Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,51 Gb Total Space | 703,03 Gb Free Space | 75,47% Space Free | Partition Type: NTFS

 

Computer Name: *-PC | User Name: * | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.20 14:32:47 | 000,102,400 | ---- | M] (S2 Games) -- c:\Program Files (x86)\Heroes of Newerth\hon.exe

PRC - [2012.04.19 12:18:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\*\Downloads\OTL.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.01.25 19:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe

PRC - [2011.12.19 01:00:00 | 003,284,992 | ---- | M] () -- c:\program files (x86)\trillian\plugins\skypekit.exe

PRC - [2011.12.19 01:00:00 | 002,362,720 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe

PRC - [2011.09.23 19:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.09.23 19:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.09.23 12:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009.12.28 22:33:02 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.20 14:32:47 | 009,297,920 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\k2.dll

MOD - [2012.04.20 14:32:47 | 000,774,144 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\vid_d3d9.dll

MOD - [2012.04.20 14:32:23 | 004,603,904 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\game\game_shared.dll

MOD - [2012.04.20 14:32:23 | 001,896,448 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\game\cgame.dll

MOD - [2012.04.18 12:35:58 | 000,441,840 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\ppGoogleNaClPluginChrome.dll

MOD - [2012.04.18 12:35:56 | 003,921,904 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\pdf.dll

MOD - [2012.04.18 12:34:41 | 000,553,456 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\libglesv2.dll

MOD - [2012.04.18 12:34:40 | 000,117,744 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\libegl.dll

MOD - [2012.04.18 12:34:30 | 000,134,656 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\avutil-51.dll

MOD - [2012.04.18 12:34:29 | 000,250,368 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\avformat-54.dll

MOD - [2012.04.18 12:34:28 | 002,375,680 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\avcodec-54.dll

MOD - [2012.04.18 11:35:12 | 008,743,584 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\gcswf32.dll

MOD - [2012.04.18 11:35:12 | 008,743,584 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\APPLIC~1\190108~1.30\gcswf32.dll

MOD - [2012.04.12 21:26:26 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MOD - [2012.04.12 21:26:21 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MOD - [2012.03.23 13:59:23 | 002,275,328 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\libsndfile-1.dll

MOD - [2012.03.23 13:59:23 | 000,456,704 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\openal32.dll

MOD - [2012.02.16 22:28:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.16 22:28:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012.02.16 22:28:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012.02.03 15:47:21 | 000,102,400 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\sfml-audio.dll

MOD - [2012.02.03 15:47:21 | 000,033,792 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\sfml-system.dll

MOD - [2012.01.25 19:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe

MOD - [2011.12.19 01:00:00 | 003,284,992 | ---- | M] () -- c:\program files (x86)\trillian\plugins\skypekit.exe

MOD - [2011.12.19 01:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\Trillian\libspeex.dll

MOD - [2011.12.19 01:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll

MOD - [2011.12.19 01:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll

MOD - [2011.12.19 01:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll

MOD - [2011.12.19 01:00:00 | 000,011,264 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\buddy.dll

MOD - [2011.12.19 01:00:00 | 000,007,168 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\talk.dll

MOD - [2011.12.19 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\trillian.dll

MOD - [2011.12.19 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\events.dll

MOD - [2011.12.19 01:00:00 | 000,003,584 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\toolkit.dll

MOD - [2011.10.13 13:07:16 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll

MOD - [2011.10.13 13:06:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010.01.28 00:59:18 | 000,074,240 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\zlibwapi.dll

MOD - [2009.06.05 07:16:26 | 000,664,576 | ---- | M] () -- c:\Program Files (x86)\Heroes of Newerth\libxml2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2012.04.05 12:34:24 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.04.14 00:55:09 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012.04.05 12:34:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.11.17 18:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2011.09.23 19:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.09.23 19:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.09.23 13:44:37 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.12.28 22:33:02 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.15 14:33:30 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.01.25 19:32:58 | 000,339,760 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)

DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.09.21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2011.09.16 00:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.09.16 00:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)

DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)

DRV:64bit: - [2010.09.22 21:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2010.06.01 18:28:10 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\arusb_win7x.sys -- (arusb_win7x)

DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009.08.24 07:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:36:04 | 000,694,272 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxusbase.sys -- (FXUSBASE)

DRV:64bit: - [2009.06.10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)

DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.12 00:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)

DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)

DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)

DRV:64bit: - [2007.10.12 02:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007.10.12 01:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)

DRV - [2012.02.07 14:09:00 | 000,030,592 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO64\HWiNFO64A.SYS -- (HWiNFO32)

DRV - [2011.10.31 17:22:10 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV - [2011.06.02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004.12.31 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 C7 B8 67 9B E4 CB 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.tepela.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=pxCSpChA

IE - HKCU\..\SearchScopes\{57F65DD1-81C4-4203-ABB2-A174760C8461}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=dd990f0d-6ffd-4c2a-be73-17f4191d74f2&apn_sauid=E65AD59B-F911-422C-AF25-D558E3A1EBA4&

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..network.proxy.ftp: "184.58.38.65"

FF - prefs.js..network.proxy.http: "184.106.168.253:80"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.socks: "67.191.152.81 "

FF - prefs.js..network.proxy.socks_port: 1830

FF - prefs.js..network.proxy.ssl: "184.58.38.65"

FF - prefs.js..network.proxy.type: 4

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 16:20:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.15 14:03:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.19 12:26:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\*\AppData\Roaming\IDM\idmmzcc5

 

[2011.02.27 01:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions

[2012.04.14 02:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions

[2011.04.25 18:47:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.03.24 11:53:24 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}

[2011.07.23 14:45:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

[2012.03.28 23:55:14 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\misehbek.default\extensions\cacaoweb@cacaoweb.org

[2011.03.16 20:31:17 | 000,002,198 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\google-search.xml

[2012.04.18 11:46:08 | 000,000,950 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\icqplugin-1.xml

[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\misehbek.default\searchplugins\icqplugin.xml

[2012.04.08 01:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.04.08 01:46:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI

() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI

() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MISEHBEK.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI

[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.04.08 01:45:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\19.0.1084.30\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\*\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

CHR - plugin: Google Update (Enabled) = C:\Users\*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\

CHR - Extension: Angry Birds = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: Session Manager = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\

CHR - Extension: YouTube = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\

CHR - Extension: TinEye Reverse Image Search = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\

CHR - Extension: Timer = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\khkndikhbnfgibpkpdgdnmdlcfpkichc\1.3_0\

CHR - Extension: Little Alchemy = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\

CHR - Extension: Nik Daum = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmkmldnjgfdccdgolepaifdniikpejma\2_0\

CHR - Extension: Google Dictionary (by Google) = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.11_0\

CHR - Extension: Pocket Legends = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\1.7.5.3_0\

CHR - Extension: Google Mail Checker = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Connected Mind = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc\1.1.5_0\

 

O1 HOSTS File: ([2012.03.19 16:43:58 | 000,440,678 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 15173 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{919CA3F9-C138-431A-9882-49E391217ABA}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.20 15:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net

[2012.04.20 12:51:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F7464888-C73D-4680-8DE5-3E425914F249}

[2012.04.20 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E18F1A96-0041-40E9-B231-F46D9FB7F910}

[2012.04.20 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\SUPERAntiSpyware.com

[2012.04.20 11:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012.04.20 11:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.04.20 11:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012.04.20 11:40:25 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.04.20 00:39:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{34D634BC-1066-44AE-9D58-BF841DDB8AC8}

[2012.04.20 00:38:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{87B75A8D-D9A2-4F4E-8E0B-00B75DCA30FD}

[2012.04.19 17:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\seRapid

[2012.04.19 16:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.04.19 12:33:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F97151B6-C15C-46A6-9060-7EAE240C79C3}

[2012.04.19 12:33:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{27DBF578-C391-4F85-81F7-36F6F31F5BEA}

[2012.04.19 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.04.19 12:09:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012.04.19 12:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.19 12:04:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.04.19 11:39:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012.04.19 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{063FDBBC-0155-47B9-9B69-EDA831C42C6E}

[2012.04.19 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5E276D00-1A86-4FD0-AE26-6F87829B0B0F}

[2012.04.18 23:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg

[2012.04.18 23:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2012.04.18 12:00:54 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F8EF2ABD-277F-4028-946E-A577D15E5114}

[2012.04.18 12:00:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{04368897-ED2C-452E-8E5D-F38DD7B97311}

[2012.04.18 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{262631B2-9E3F-41EE-A1AC-9217430B12A6}

[2012.04.17 23:59:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{87798669-6205-45F7-9DE8-B5B1E8AD2856}

[2012.04.17 15:11:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012.04.17 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{95A8D1CA-E3FA-4212-933D-CE736338B9BD}

[2012.04.17 11:58:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FA49D5E4-A201-43BD-93B4-291E503BAEB6}

[2012.04.16 23:58:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D9AE958-8366-46B3-9DD7-642DBDA3AB25}

[2012.04.16 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{81C72D88-C36A-4361-A645-2C4EF4F96F0F}

[2012.04.16 11:57:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{25BBEAEC-0EFD-4F96-8ECA-6B536BE88BCE}

[2012.04.16 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D9CAEED7-6ACF-443D-801F-59B12859DE3C}

[2012.04.16 00:38:16 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\GaiaMachina

[2012.04.15 23:56:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{7EC193CB-6C08-4A83-B873-4CE5F797B17C}

[2012.04.15 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A8B09E70-71E1-4B63-9AAE-70811D6653E0}

[2012.04.15 20:45:48 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012.04.15 20:45:48 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012.04.15 20:45:48 | 000,133,632 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2012.04.15 20:45:48 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2012.04.15 20:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2012.04.15 20:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games

[2012.04.15 20:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games

[2012.04.15 11:56:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F75CAB67-1706-4C00-B357-4908932F6BDD}

[2012.04.15 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F10E97FA-ED03-41FB-9E97-D47194345A14}

[2012.04.14 23:55:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E4E2E912-2CE8-4DEF-AB43-91F637591325}

[2012.04.14 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9A45173C-D124-4D72-B47F-052416D65329}

[2012.04.14 11:54:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{51BF5AC6-FCEA-4C1C-987A-59640B5B80B3}

[2012.04.14 11:54:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{97E873B6-CE46-4BC1-A8AB-7D2E4553953F}

[2012.04.14 02:49:42 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys

[2012.04.14 02:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

[2012.04.14 02:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2012.04.14 02:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2012.04.13 23:53:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A09F1F6E-0D89-4723-9E98-E669EF1A48D2}

[2012.04.13 23:53:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{7EE96697-7DD9-47A9-A890-9FDBE024DE91}

[2012.04.13 19:33:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TeamViewer

[2012.04.13 18:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2012.04.13 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64

[2012.04.13 15:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64

[2012.04.13 11:52:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{46986B76-F4EB-4D0D-A39A-B1D5ED185BE1}

[2012.04.13 11:52:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{592354DB-6FAA-4153-826C-362226A153E3}

[2012.04.13 11:51:11 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012.04.13 11:50:40 | 000,000,000 | ---D | C] -- C:\Windows\de

[2012.04.13 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012.04.13 11:41:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B4C0C2CB-16BD-497F-808F-41646A5614B5}

[2012.04.12 23:40:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{00D7D815-33CB-4A8C-AA2D-59DB5502104D}

[2012.04.12 23:34:37 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\*\Desktop\procexp.exe

[2012.04.12 21:55:07 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.12 21:24:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.04.12 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios

[2012.04.12 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios

[2012.04.12 17:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios

[2012.04.12 11:39:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{99C37F54-8615-451C-BEEA-7B06DE2211CB}

[2012.04.11 23:39:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0A8B169E-DC78-4AD3-B920-DFEC9906FDD2}

[2012.04.11 21:31:56 | 003,993,576 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des

[2012.04.11 21:31:49 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys

[2012.04.11 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared

[2012.04.11 20:44:58 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\JDownloaderUpdater2b

[2012.04.11 20:35:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DesktopIconForAmazon

[2012.04.11 20:28:06 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012.04.11 20:28:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012.04.11 20:28:06 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012.04.11 20:26:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012.04.11 20:26:36 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012.04.11 20:26:35 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012.04.11 20:25:45 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.04.11 20:25:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.04.11 20:25:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.04.11 20:25:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.04.11 20:25:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.04.11 20:25:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.04.11 20:25:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.04.11 11:38:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5E58F638-1901-4F3D-B6C2-72A9C887F51F}

[2012.04.10 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3B58B1AA-3818-4231-8179-401DFEFC9F4D}

[2012.04.10 11:29:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1266F8D2-ED09-4CE8-95E8-29144A9D6E80}

[2012.04.09 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1658D8A0-938A-4B38-90D5-2CAD6BCFF066}

[2012.04.09 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A5735F8E-16C8-4792-AF87-D68DDE3B2427}

[2012.04.08 17:10:06 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\GUILD WARS 2

[2012.04.08 17:09:57 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\GUILD WARS

[2012.04.08 13:34:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6DDC8B4B-1EEE-4D72-96C9-0AD21374EC12}

[2012.04.08 01:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.04.08 01:46:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012.04.08 01:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012.04.08 01:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012.04.08 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BAF2E003-BC3B-4376-A625-C655CBCD9F31}

[2012.04.07 13:19:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FA671320-2524-4D43-8767-B29E69724657}

[2012.04.07 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2BD297B0-F4CF-403B-85AD-F5BE18686809}

[2012.04.06 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{76E904C0-4EE5-457C-8170-4FB2E36F831B}

[2012.04.06 00:41:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{561CEC4A-71AD-4A31-9312-319F1B4E580A}

[2012.04.05 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{78F7DDB0-43EC-4724-837B-54451463E092}

[2012.04.05 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{03AAAD0C-53A6-44F3-81A7-C40AC1DD5501}

[2012.04.04 15:06:25 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\beh

[2012.04.04 12:00:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{063C53A3-B296-4A13-AA1C-0AAD213B22E6}

[2012.04.03 23:47:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2D73F493-25A2-467D-ADAA-84BF1C1D1E56}

[2012.04.03 18:27:15 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Neuer Ordner

[2012.04.03 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{CCD59EB0-49A1-4DBE-8D14-39CFA8322E9D}

[2012.04.02 14:59:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6CF3AF00-78B6-44D7-A6F7-6AD3C0DCD78C}

[2012.04.02 01:29:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{72A50365-78BA-455B-9F1D-9F725B83BDE7}

[2012.04.01 11:28:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{787D1099-AF38-4E65-A8A7-29A3654877AE}

[2012.03.31 23:28:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F3ABD55F-867F-487E-A365-6077E53EC51D}

[2012.03.31 11:27:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0EF3E41F-CED2-4804-8707-6432CC587A9C}

[2012.03.30 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{EBFF16E4-5A27-498F-9FBC-34AA19B646ED}

[2012.03.30 10:34:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FEBFC2AF-8A2A-4665-AAB2-4259012FCE01}

[2012.03.29 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0D04ABF7-D356-4850-B6F1-AE52D5F33AEB}

[2012.03.29 05:29:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{EBE059D3-48CD-4425-9108-F3E6BF39B2DD}

[2012.03.28 16:42:09 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{20953C6F-1F30-42DD-97B1-DD9BF8A8542B}

[2012.03.28 16:41:46 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1A85413B-438A-46A1-BFBC-1A10496DA5F2}

[2012.03.27 23:58:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{96D1F40F-14D0-4A4F-B874-8CC1CE54D4F8}

[2012.03.27 23:58:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E7C66D10-8241-4BDD-81C3-1A2420377C09}

[2012.03.27 10:58:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{87BA0DCF-4B50-4534-B3CD-60B20605B3B3}

[2012.03.27 10:58:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{0EC87842-E126-4BB3-AEA8-36DC45D2783A}

[2012.03.26 14:25:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{13961169-CAD4-4767-ACC0-AC9B380BC8F1}

[2012.03.26 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2D42F454-D18C-484D-857D-0EDB18D8D450}

[2012.03.26 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{524D5408-5477-4658-BD54-659CF3AEAD95}

[2012.03.25 16:52:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B8D0A01E-33AD-4941-855D-60526C926770}

[2012.03.25 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6A7DF72F-C2EE-4217-A698-BA1DFE016B88}

[2012.03.25 14:12:55 | 000,532,480 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\drivers\PAC7302.SYS

[2012.03.25 14:12:55 | 000,141,824 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysWow64\SP7302.AX

[2012.03.25 14:12:55 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\AMCap.exe

[2012.03.25 14:12:55 | 000,008,704 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\CoInst.dll

[2012.03.25 14:12:54 | 000,000,000 | ---D | C] -- C:\Windows\Pixart

[2012.03.25 03:17:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D41DF2CB-BB63-43C9-878C-7671B7534062}

[2012.03.25 03:17:29 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A9E41C2D-91C2-4C78-9023-C8F7E62067E6}

[2012.03.24 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A4812894-97C8-4561-907C-0EF242BEFAE8}

[2012.03.24 15:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8AABCBD9-A138-41FD-AC9A-8CD1150845AA}

[2012.03.24 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{240789B6-0A91-4296-83FE-53AC51A28056}

[2012.03.24 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{2E3AAC33-F1E0-4903-B1EF-D630BE5C2C3E}

[2012.03.23 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9BE931B5-E1C1-4BF7-806E-00A844D2A83F}

[2012.03.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{68BF5D3C-7931-4416-9E6A-407F087A013A}

[2012.03.22 15:23:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{178B9A57-E153-4CDC-B165-49606336DCA6}

[2012.03.22 15:23:01 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\{4182FD70-04A4-49A7-82D7-6F37B71EC325}

[2012.03.22 02:59:19 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{A0E1C79C-730E-4BC7-A7F9-BB808543BBD2}

[2012.03.22 02:58:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{9EBD3D06-95F2-4C74-B26E-E83BB54F547F}

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.20 14:55:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.20 11:54:44 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.04.20 11:53:03 | 000,013,536 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.20 11:53:03 | 000,013,536 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.20 11:51:23 | 001,506,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.04.20 11:51:23 | 000,658,700 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.04.20 11:51:23 | 000,619,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.04.20 11:51:23 | 000,131,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.04.20 11:51:23 | 000,108,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.04.20 11:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.20 11:45:33 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.19 21:31:22 | 000,001,084 | ---- | M] () -- C:\Windows\seRapid.INI

[2012.04.19 17:23:30 | 000,000,929 | ---- | M] () -- C:\Users\*\Desktop\InfoRapid Suchen & Ersetzen.lnk

[2012.04.19 12:02:53 | 000,042,672 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2012.04.19 11:38:27 | 001,536,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.04.19 11:38:06 | 000,019,552 | ---- | M] () -- C:\Windows\prodsett_copy.ini

[2012.04.18 16:55:15 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2012.04.18 16:55:15 | 000,000,913 | ---- | M] () -- C:\Users\*\Desktop\CPUID CPU-Z.lnk

[2012.04.17 08:23:20 | 000,001,321 | ---- | M] () -- C:\Users\*\Desktop\11 Jesus On Acid.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,291 | ---- | M] () -- C:\Users\*\Desktop\150-McKennaUFOs.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,245 | ---- | M] () -- C:\Users\*\Desktop\02 - Closet.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,174 | ---- | M] () -- C:\Users\*\Desktop\DSC01609.JPG - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,085 | ---- | M] () -- C:\Users\*\Desktop\DotHacker - Eye Opener.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,017 | ---- | M] () -- C:\Users\*\Desktop\avfgdb jhm.jpg - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,999 | ---- | M] () -- C:\Users\*\Desktop\g6kssfib.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,979 | ---- | M] () -- C:\Users\*\Desktop\Avatar.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,951 | ---- | M] () -- C:\Users\*\Desktop\True Hallucinations (Audio Book) - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,944 | ---- | M] () -- C:\Users\*\Desktop\gw2.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,720 | ---- | M] () -- C:\Users\*\Desktop\Scanner - Verknüpfung.lnk

[2012.04.15 20:45:48 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012.04.15 20:45:48 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012.04.15 20:45:48 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2012.04.15 20:45:48 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2012.04.15 20:45:48 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk

[2012.04.14 20:50:18 | 000,037,496 | ---- | M] () -- C:\Users\*\Desktop\annegarcia.png

[2012.04.14 15:11:31 | 000,007,589 | ---- | M] () -- C:\Users\*\AppData\Local\resmon.resmoncfg

[2012.04.14 00:55:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.04.14 00:55:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.04.14 00:55:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.13 19:10:15 | 000,104,181 | ---- | M] () -- C:\Users\*\Desktop\Ghost-Recon-Online-Classes.jpg

[2012.04.13 18:58:50 | 000,317,902 | ---- | M] () -- C:\Users\*\Desktop\Trillian.jpg

[2012.04.13 18:52:07 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012.04.12 17:41:00 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk

[2012.04.12 01:18:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

[2012.04.09 15:54:33 | 000,103,902 | ---- | M] () -- C:\Users\*\Desktop\g6kssfib.png

[2012.04.08 01:45:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012.04.08 01:45:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012.04.08 01:45:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012.04.08 01:45:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012.04.05 12:34:28 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2012.04.05 12:34:26 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2012.04.05 12:34:26 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2012.04.05 12:34:24 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll

[2012.04.05 12:34:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll

[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.03.25 14:16:04 | 000,921,636 | ---- | M] () -- C:\PA7302.DAT

[2012.03.23 18:45:11 | 000,000,000 | ---- | M] () -- C:\Users\*\Documents\ts3_clientui-win64-1329301801-2012-03-23 17_45_11.459092.dmp

 
 ========== Files Created - No Company Name ==========

 

[2012.04.20 11:54:44 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.04.19 17:32:50 | 000,001,084 | ---- | C] () -- C:\Windows\seRapid.INI

[2012.04.19 17:23:30 | 000,000,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfoRapid Suchen & Ersetzen.lnk

[2012.04.19 17:23:30 | 000,000,929 | ---- | C] () -- C:\Users\*\Desktop\InfoRapid Suchen & Ersetzen.lnk

[2012.04.19 12:02:53 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2012.04.19 11:38:06 | 000,019,552 | ---- | C] () -- C:\Windows\prodsett_copy.ini

[2012.04.17 08:23:20 | 000,001,291 | ---- | C] () -- C:\Users\*\Desktop\150-McKennaUFOs.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,245 | ---- | C] () -- C:\Users\*\Desktop\02 - Closet.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,174 | ---- | C] () -- C:\Users\*\Desktop\DSC01609.JPG - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,085 | ---- | C] () -- C:\Users\*\Desktop\DotHacker - Eye Opener.mp3 - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,001,017 | ---- | C] () -- C:\Users\*\Desktop\avfgdb jhm.jpg - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,999 | ---- | C] () -- C:\Users\*\Desktop\g6kssfib.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,979 | ---- | C] () -- C:\Users\*\Desktop\Avatar.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,951 | ---- | C] () -- C:\Users\*\Desktop\True Hallucinations (Audio Book) - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,944 | ---- | C] () -- C:\Users\*\Desktop\gw2.png - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,913 | ---- | C] () -- C:\Users\*\Desktop\CPUID CPU-Z.lnk

[2012.04.17 08:23:20 | 000,000,789 | ---- | C] () -- C:\Users\*\Desktop\VA-2001-WL-OST - Verknüpfung.lnk

[2012.04.17 08:23:20 | 000,000,720 | ---- | C] () -- C:\Users\*\Desktop\Scanner - Verknüpfung.lnk

[2012.04.15 20:45:48 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk

[2012.04.14 02:49:42 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2012.04.13 19:10:18 | 000,104,181 | ---- | C] () -- C:\Users\*\Desktop\Ghost-Recon-Online-Classes.jpg

[2012.04.13 18:58:50 | 000,317,902 | ---- | C] () -- C:\Users\*\Desktop\Trillian.jpg

[2012.04.13 18:52:07 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk

[2012.04.13 18:52:07 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012.04.12 21:24:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.12 17:41:00 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk

[2012.04.11 21:31:49 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd

[2012.03.25 14:15:14 | 000,921,636 | ---- | C] () -- C:\PA7302.DAT

[2012.03.25 14:12:55 | 000,000,868 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI

[2012.03.23 18:45:11 | 000,000,000 | ---- | C] () -- C:\Users\**\Documents\ts3_clientui-win64-1329301801-2012-03-23 17_45_11.459092.dmp

[2012.01.25 19:33:06 | 000,237,872 | ---- | C] () -- C:\Windows\SysWow64\DeltaIITray.exe

[2011.11.15 03:42:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll

[2011.11.14 02:49:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011.11.14 02:49:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011.11.14 02:49:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.11.14 02:49:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.11.14 02:49:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.11.10 15:25:12 | 000,182,222 | ---- | C] () -- C:\ProgramData\1320930928.bdinstall.bin

[2011.11.03 22:04:49 | 000,102,248 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.10.23 12:19:31 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll

[2011.10.17 04:44:40 | 000,237,956 | ---- | C] () -- C:\ProgramData\1318819109.bdinstall.bin

[2011.10.17 03:43:48 | 000,643,821 | ---- | C] () -- C:\ProgramData\1318808714.bdinstall.bin

[2011.10.17 00:02:34 | 000,000,502 | ---- | C] () -- C:\ProgramData\1318802548.bdinstall.bin

[2011.10.13 04:43:40 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.10.06 02:27:52 | 000,017,408 | ---- | C] () -- C:\Users\*\AppData\Local\WebpageIcons.db

[2011.09.22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.09.03 14:17:10 | 000,000,600 | ---- | C] () -- C:\Users\*\AppData\Roaming\winscp.rnd

[2011.06.10 18:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat

[2011.06.10 14:34:37 | 000,000,049 | ---- | C] () -- C:\Windows\SamControlpanel95.INI

[2011.04.25 18:52:22 | 000,000,336 | ---- | C] () -- C:\ProgramData\44228360

[2011.04.25 18:36:00 | 000,007,589 | ---- | C] () -- C:\Users\*\AppData\Local\resmon.resmoncfg

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.04.03 02:04:51 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011.03.22 03:37:08 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat

[2011.03.02 20:49:06 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011.02.27 20:53:09 | 001,536,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.02.27 08:08:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011.02.27 07:58:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2011.02.27 07:58:47 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.02.27 01:28:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011.02.26 22:44:22 | 000,000,015 | ---- | C] () -- C:\Windows\Firestorm.INI

 
 ========== LOP Check ==========

 

[2011.07.23 22:55:04 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\.minecraft

[2011.11.05 13:47:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\.purple

[2011.10.10 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\2K Sports

[2011.11.01 14:55:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Atari

[2011.11.19 17:39:40 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Auslogics

[2011.03.26 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Cuuq

[2012.04.14 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DesktopIconForAmazon

[2011.09.03 16:29:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DMCache

[2011.08.28 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FileZilla

[2012.04.06 16:23:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ

[2012.02.06 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\IDM

[2011.09.01 23:47:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\JoyChina

[2011.09.02 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Kalypso Media

[2011.08.03 20:26:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Leadertech

[2011.04.22 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\LolClient

[2011.08.07 18:19:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MAGIX

[2011.11.19 17:53:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ManyCam

[2012.01.24 16:44:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Maxthon3

[2011.04.28 22:41:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MMOUI

[2011.03.23 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mumble

[2011.10.20 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenCandy

[2011.05.30 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org

[2011.09.02 19:41:56 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Opera

[2012.03.20 19:36:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Origin

[2011.10.17 01:46:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\QuickScan

[2012.03.19 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Rebeed

[2012.03.18 00:27:36 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Rift

[2011.04.23 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Stardock

[2011.08.06 21:49:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\streamWriter

[2012.04.13 20:12:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer

[2012.04.02 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Trillian

[2012.04.20 11:52:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TS3Client

[2012.01.05 05:54:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ts3overlay

[2011.09.01 18:45:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software

[2011.10.20 19:01:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Tunngle

[2011.12.25 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Unity

[2012.03.19 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Uwsoo

[2011.03.31 00:59:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Weba

[2011.02.27 16:37:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Windows Live Writer

[2012.03.08 19:39:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Xeip

[2012.03.08 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zio

[2012.02.16 22:26:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >