| hilfe8545 | 21.07.2012 00:09 |
danke für diese schnelle antwort.
haben nun einen scan mit OTL gemacht.
hier das ergebnis:
OTL Logfile: Code:
OTL logfile created on: 20.07.2012 23:51:37 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 3,08 Gb Available Physical Memory | 83,73% Memory free
7,36 Gb Paging File | 6,79 Gb Available in Paging File | 92,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 163,00 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
Computer Name: FBI | User Name: ***** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SystemExplorerHelpService) -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe (Mister Group)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (MatSvc) -- C:\Programme\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FileZilla Server) -- c:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x64\Sandra.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (DiskSec) -- C:\Windows\SysNative\drivers\disksec.sys (MAGIX)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (VirtualDisk_U) -- C:\Windows\SysNative\drivers\virtualdisk_u.sys (MAGIX)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\*****\Downloads\spiele\arma2__operation_arrowhead
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={EABDF0B7-1E39-4B8C-B800-94365A76A6DC}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "_blank"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=417&sr=0&q="
FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.11 23:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 05:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.16 21:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.16 21:25:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.16 21:25:51 | 000,000,000 | ---D | M]
[2012.02.07 23:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.07.16 15:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions
[2011.11.25 04:50:15 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.07.10 03:47:44 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2012.07.01 00:08:28 | 000,000,000 | ---D | M] (PrivacySuite) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\abine@abine.com
[2012.02.17 23:20:45 | 000,000,000 | ---D | M] (BYTubeD - Bulk (Batch) YouTube video Downloader) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2011.07.07 14:37:18 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.19 01:41:58 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.07.04 14:01:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\firefox@ghostery.com
[2012.05.22 01:42:11 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\foxyproxy@eric.h.jung
[2012.05.22 02:04:03 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\foxyproxy-basic@eric.h.jung
[2012.05.17 01:41:58 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\dxdj0dd9.default\extensions\ich@maltegoetz.de
[2011.10.08 04:40:11 | 000,002,503 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\dxdj0dd9.default\searchplugins\SearchResults.xml
[2012.05.09 13:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.09 13:59:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2011.11.09 13:58:54 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012.02.25 03:08:01 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2011.07.09 06:11:00 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.01.24 03:46:07 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.07.14 14:45:07 | 001,611,859 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.09.10 01:54:23 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.05.02 14:11:44 | 000,216,913 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI
[2011.11.14 05:35:08 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXDJ0DD9.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.06.23 05:12:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.12 11:47:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.23 05:12:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.11 13:53:01 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.23 05:12:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 05:12:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 05:12:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 04:40:11 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.06.23 05:12:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 05:12:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Web Developer = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Virtual Piano Black = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo\4_0\
CHR - Extension: FlashBlock = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Disconnect = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.5.6_0\
CHR - Extension: Little Alchemy = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\
CHR - Extension: Zombie Pandemic = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl\1_0\
CHR - Extension: Ghostery = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\3.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.02.07 23:04:27 | 000,441,186 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15163 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = x-akten
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D9C0F4-981B-434E-AF2D-271C857BFB60}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0dd7cd71-6238-11e0-9a29-1c7508345b36}\Shell - "" = AutoRun
O33 - MountPoints2\{0dd7cd71-6238-11e0-9a29-1c7508345b36}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{4ce1b4f3-dd85-11e0-93d8-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce1b4f3-dd85-11e0-93d8-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4ce1b51a-dd85-11e0-93d8-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce1b51a-dd85-11e0-93d8-18f46a74b161}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{853f01b0-af20-11e0-8c04-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{853f01b0-af20-11e0-8c04-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{853f01d8-af20-11e0-8c04-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{853f01d8-af20-11e0-8c04-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d0b0ed4b-4200-11e0-9568-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b0ed4b-4200-11e0-9568-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d0b0ed6b-4200-11e0-9568-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b0ed6b-4200-11e0-9568-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d36e7c13-42b2-11e0-bbc9-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{d36e7c13-42b2-11e0-bbc9-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d36e7c16-42b2-11e0-bbc9-18f46a74b161}\Shell - "" = AutoRun
O33 - MountPoints2\{d36e7c16-42b2-11e0-bbc9-18f46a74b161}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fb70e86f-b646-11e1-aa58-1c7508345b36}\Shell - "" = AutoRun
O33 - MountPoints2\{fb70e86f-b646-11e1-aa58-1c7508345b36}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3BA17561-E6A1-7D59-BE48-7F547EA398AF} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4CABB4C4-F982-C1B2-31DB-CB8AE54CACD6} - Microsoft Windows Media Player 12.0
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8E82367E-E8F2-550A-CDF2-506C7411EF42} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk - C:\PROGRA~2\ALDITA~1\ALDITA~2.EXE - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Eraser - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UVS11 Preload - hkey= - key= - C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2012.07.19 23:19:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.07.19 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\maleware_logs
[2012.07.19 16:17:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.07.19 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.19 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 16:17:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.19 16:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.19 16:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.19 16:07:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\rettung
[2012.07.16 21:11:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.07.16 21:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.07.16 21:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2012.07.16 01:06:14 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\dayz_medien
[2012.07.14 22:54:53 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\eimkommenssteuer2011
[2012.07.13 23:19:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\DayZ-1.7.2
[2012.07.13 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\backup
[2012.07.13 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ArmA 2 OA
[2012.07.13 19:58:29 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\ArmA 2
[2012.07.13 18:29:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.07.13 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SIX_Projects
[2012.07.13 06:50:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\ArmA 2 Other Profiles
[2012.07.13 06:00:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\six-updater
[2012.07.13 06:00:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\six-zsync
[2012.07.13 05:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2012.07.13 05:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects
[2012.07.13 05:57:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Downloaded Installations
[2012.07.13 05:06:22 | 000,000,000 | RH-D | C] -- C:\Users\*****\AppData\Roaming\SecuROM
[2012.07.13 04:46:46 | 000,000,000 | ---D | C] -- C:\extrahierte_installationsdateien
[2012.07.13 00:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.07.12 00:39:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ArmA 2 Free
[2012.07.12 00:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012.07.12 00:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.07.11 05:14:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SniperV2
[2012.07.11 05:12:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SKIDROW
[2012.07.11 01:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012.07.11 01:39:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\uTorrent
[2012.07.10 01:36:09 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\pixelio_de
[2012.07.09 05:12:06 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\ps_vergleich
[2012.07.08 18:23:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Adobe
[2012.07.08 17:04:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.08 16:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.07.08 16:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.07.08 16:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.07.08 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Adobe Photoshop CS6
[2012.07.08 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.06 23:36:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\My Cheat Tables
[2012.07.06 23:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1
[2012.07.06 23:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.1
[2012.07.04 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\odgb201d_entpackt
[2012.07.04 03:35:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\fontconfig
[2012.07.04 03:35:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\gegl-0.2
[2012.07.04 03:35:24 | 000,000,000 | ---D | C] -- C:\Users\*****\.gimp-2.8
[2012.07.04 03:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.07.02 01:12:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PunkBuster
[2012.07.01 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Battlefield Play4Free
[2012.07.01 20:46:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.07.01 20:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012.06.25 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Pokki
[2012.06.25 05:26:37 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Need for Speed World
[2012.06.25 04:26:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Need for Speed World
[2012.06.25 04:01:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Electronic_Arts_Inc
[2012.06.25 01:13:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sony
[2012.06.25 01:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.06.25 01:07:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sony
[2012.06.24 23:04:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\simplitec
[2012.06.24 23:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec
[2012.06.24 03:50:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\Corel VideoStudio Pro
[2012.06.24 03:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2012.06.24 03:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012.06.23 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft
[2012.06.22 01:50:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Videos\Documents\sonstiges
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.20 23:45:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 23:45:07 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.19 23:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.07.19 16:11:09 | 001,809,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.19 16:11:09 | 000,774,070 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.19 16:11:09 | 000,716,458 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.19 16:11:09 | 000,175,718 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.19 16:11:09 | 000,143,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.18 23:19:06 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\MAGIX Autobackup Tray - MAGIX AG.job
[2012.07.18 23:17:36 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.18 23:15:43 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.18 22:42:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.18 20:44:50 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012.07.18 20:44:50 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012.07.18 19:56:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 19:56:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 03:51:43 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.07.17 04:52:00 | 000,051,636 | ---- | M] () -- C:\Users\*****\Desktop\484463_10150967502059584_1119167114_n.jpg
[2012.07.16 21:10:18 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.07.15 15:40:50 | 000,269,857 | ---- | M] () -- C:\Users\*****\Desktop\strafanzeige_esm_06jul2012open1.pdf
[2012.07.14 22:55:42 | 000,063,010 | ---- | M] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010
[2012.07.13 23:17:51 | 000,012,055 | ---- | M] () -- C:\Users\*****\Desktop\latest.torrent
[2012.07.11 21:43:46 | 005,073,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 23:20:38 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk
[2012.07.10 22:05:37 | 000,061,298 | ---- | M] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010_Backup
[2012.07.10 12:30:13 | 000,005,401 | ---- | M] () -- C:\Users\*****\Desktop\profilbutton_skaliert1.png
[2012.07.08 18:07:20 | 000,001,456 | ---- | M] () -- C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.08 17:27:44 | 000,007,598 | ---- | M] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2012.07.08 16:35:56 | 000,001,079 | ---- | M] () -- C:\Users\*****\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2012.07.08 15:19:37 | 000,020,649 | ---- | M] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2012.07.04 14:50:47 | 000,100,781 | ---- | M] () -- C:\Users\*****\Desktop\plug201d.zip
[2012.07.04 14:50:44 | 002,328,395 | ---- | M] () -- C:\Users\*****\Desktop\odbg201d.zip
[2012.07.04 01:41:48 | 000,001,664 | ---- | M] () -- C:\Users\*****\Desktop\Need for Speed World - Verknüpfung.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 01:13:30 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.02 01:13:30 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.01 20:46:29 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.25 04:00:24 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.18 23:13:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.17 04:52:05 | 000,051,636 | ---- | C] () -- C:\Users\*****\Desktop\484463_10150967502059584_1119167114_n.jpg
[2012.07.16 21:10:18 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.07.15 15:40:58 | 000,269,857 | ---- | C] () -- C:\Users\*****\Desktop\strafanzeige_esm_06jul2012open1.pdf
[2012.07.13 23:17:54 | 000,012,055 | ---- | C] () -- C:\Users\*****\Desktop\latest.torrent
[2012.07.13 05:58:25 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012.07.13 05:58:25 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012.07.10 23:20:38 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk
[2012.07.10 21:43:25 | 000,063,010 | ---- | C] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010
[2012.07.10 21:43:25 | 000,061,298 | ---- | C] () -- C:\Users\*****\Desktop\einkommensteuer2011.ESt2010_Backup
[2012.07.10 12:30:12 | 000,005,401 | ---- | C] () -- C:\Users\*****\Desktop\profilbutton_skaliert1.png
[2012.07.08 18:07:20 | 000,001,456 | ---- | C] () -- C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.08 17:06:21 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.07.08 16:35:56 | 000,001,079 | ---- | C] () -- C:\Users\*****\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2012.07.08 16:34:19 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012.07.08 16:32:56 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012.07.08 16:32:09 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012.07.08 16:28:52 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012.07.08 16:28:42 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.07.08 15:19:37 | 000,020,649 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2012.07.04 14:50:49 | 000,100,781 | ---- | C] () -- C:\Users\*****\Desktop\plug201d.zip
[2012.07.04 14:00:47 | 002,328,395 | ---- | C] () -- C:\Users\*****\Desktop\odbg201d.zip
[2012.07.04 03:34:58 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.02 01:13:30 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.01 20:46:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.01 20:46:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.28 13:21:08 | 000,001,664 | ---- | C] () -- C:\Users\*****\Desktop\Need for Speed World - Verknüpfung.lnk
[2012.06.25 04:00:24 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2012.06.19 06:07:08 | 000,002,917 | ---- | C] () -- C:\Users\*****\AppData\Roaming\HP-15C.mem
[2012.05.01 16:03:50 | 000,000,000 | ---- | C] () -- C:\Users\*****\assoc
[2012.03.13 05:28:53 | 000,000,080 | ---- | C] () -- C:\Users\*****\AppData\Local\X-Plane Installer.prf
[2012.03.04 05:26:31 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2012.02.16 02:17:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.01.10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.01.10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.01.10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.19 04:56:14 | 000,004,905 | ---- | C] () -- C:\ProgramData\rugqgaaw.ekm
[2011.10.20 01:28:38 | 000,000,014 | ---- | C] () -- C:\Windows\campaignsave.INI
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.03 04:45:48 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\MIDI Patch Names
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MediaFolder
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Master
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\Mail
[2011.09.01 17:14:33 | 000,000,268 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\Machines
[2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.09.01 17:14:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.07.17 23:44:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.07.17 23:44:28 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.07.17 22:45:47 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2011.07.17 22:45:47 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011.07.09 03:48:24 | 000,000,182 | ---- | C] () -- C:\Windows\mailpeek.INI
[2011.06.22 13:26:49 | 000,000,046 | ---- | C] () -- C:\Windows\Datasaver.INI
[2011.04.19 23:32:37 | 000,000,558 | ---- | C] () -- C:\Windows\my.ini
[2011.03.29 05:45:46 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.03.28 01:54:19 | 000,001,099 | ---- | C] () -- C:\Users\*****\AppData\Roaming\ShiftN.ini
[2011.03.17 05:08:55 | 000,001,766 | ---- | C] () -- C:\Users\*****\.lmmsrc.xml
[2011.03.17 03:17:36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.03.17 03:15:36 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.03.10 11:16:45 | 001,786,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.05 06:35:30 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol
[2011.03.01 23:58:13 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.02.28 23:25:51 | 000,000,046 | ---- | C] () -- C:\Windows\SPEED.INI
[2011.02.27 02:08:14 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011.02.27 02:08:14 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011.02.27 02:08:14 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011.02.27 02:08:14 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011.02.27 02:08:14 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011.02.27 02:08:14 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011.02.27 01:35:30 | 000,007,598 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011.02.26 23:33:44 | 000,009,216 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.26 23:21:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
========== LOP Check ==========
[2012.06.16 23:37:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.purple
[2012.03.11 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AI Internet Solutions
[2012.05.08 14:21:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.03.08 03:53:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Alien Skin
[2012.03.24 00:47:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASCOMP Software
[2012.03.26 00:21:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo
[2012.06.23 23:40:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2012.03.17 03:39:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\avidemux
[2012.04.30 03:18:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BANDISOFT
[2011.09.11 23:37:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blender Foundation
[2012.04.26 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2012.05.30 00:42:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ChemTable Software
[2011.11.11 23:55:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Cocoon Software
[2011.03.10 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CocoonSoftware
[2012.07.08 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.25 02:34:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Copernic
[2012.03.25 02:24:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Datarescue
[2012.01.12 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\enchant
[2012.06.12 22:24:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\eSobi
[2012.03.04 05:57:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Fenrir Inc
[2012.07.11 02:59:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.03.13 04:50:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\flightgear.org
[2012.03.13 04:33:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org
[2012.05.04 04:50:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreeScreenToVideo
[2011.06.21 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2012.07.04 02:14:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2012.06.13 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2012.02.27 06:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IObit
[2012.04.26 03:29:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JAM Software
[2012.03.22 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JonDo
[2012.05.31 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LibreOffice
[2012.01.21 01:38:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Likno Software
[2012.03.15 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lingo4u
[2012.06.25 00:48:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX
[2011.09.21 16:38:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAXON
[2012.03.23 01:56:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Maxthon3
[2012.06.25 04:26:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Need for Speed World
[2011.09.03 04:44:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nikon
[2012.01.24 01:12:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy
[2012.04.19 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2012.03.25 05:59:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PingPlotter Freeware
[2011.10.20 01:31:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlayFirst
[2011.07.22 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Program Files (x86)
[2011.11.19 04:55:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\psynetic-mapmaker
[2012.06.25 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2012.01.14 01:58:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Python-Eggs
[2011.06.21 23:36:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ra e Deutsche Gesetze
[2012.06.24 23:04:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\simplitec
[2012.07.13 18:10:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\six-updater
[2012.07.13 06:00:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\six-zsync
[2012.07.18 04:41:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2012.02.27 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SolarMax
[2012.06.25 01:35:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2012.07.08 17:04:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.27 06:19:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Stellarium
[2012.03.13 04:34:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Subversion
[2012.03.24 06:50:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TamoSoft
[2012.01.25 00:12:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2011.07.09 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2011.03.10 11:17:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2012.05.03 02:19:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TrueCrypt
[2012.07.17 02:31:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.06.25 03:34:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2012.01.24 01:12:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Uniblue
[2012.07.13 23:25:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2012.02.21 21:49:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Verbindungsassistent
[2012.07.02 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Webocton - Scriptly
[2012.04.26 02:56:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinFAQ
[2012.03.23 22:56:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinPatrol
[2012.02.23 01:58:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XnView
[2012.07.18 23:19:06 | 000,000,540 | ---- | M] () -- C:\Windows\Tasks\MAGIX Autobackup Tray - MAGIX AG.job
[2012.05.31 00:03:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.05.25 19:23:37 | 000,000,000 | ---D | M] -- C:\!KillBox
[2012.06.22 03:06:39 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.02.28 16:20:53 | 000,000,000 | ---D | M] -- C:\40d4c40f2880826579
[2012.02.27 15:49:12 | 000,000,000 | ---D | M] -- C:\907f9793ae1ec66b3c
[2012.05.02 02:53:18 | 000,000,000 | ---D | M] -- C:\anwendungen_ohne_installation
[2010.11.17 06:01:25 | 000,000,000 | ---D | M] -- C:\book
[2012.05.11 13:59:36 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2012.03.16 04:22:06 | 000,000,000 | ---D | M] -- C:\CFLog
[2011.09.21 16:36:14 | 000,000,000 | ---D | M] -- C:\cinebench__11_529
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.07.13 04:47:34 | 000,000,000 | ---D | M] -- C:\extrahierte_installationsdateien
[2012.03.05 04:10:38 | 000,000,000 | ---D | M] -- C:\Games
[2012.03.12 01:25:26 | 000,000,000 | ---D | M] -- C:\inetpub
[2010.11.17 05:55:04 | 000,000,000 | ---D | M] -- C:\Intel
[2011.06.09 01:34:31 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData
[2011.02.26 22:43:35 | 000,000,000 | -H-D | M] -- C:\OEM
[2011.06.10 04:30:37 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.09 04:08:03 | 000,000,000 | ---D | M] -- C:\PMAIL
[2012.06.12 22:56:00 | 000,000,000 | ---D | M] -- C:\PoW24
[2012.07.08 16:32:44 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.19 16:17:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.07.19 16:17:13 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.26 22:41:32 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.06 16:19:52 | 000,000,000 | ---D | M] -- C:\SG Interactive
[2011.02.27 02:11:50 | 000,000,000 | ---D | M] -- C:\SmartSound Software
[2012.04.25 02:54:22 | 000,000,000 | ---D | M] -- C:\Stranded II
[2012.07.17 15:11:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.13 00:13:46 | 000,000,000 | ---D | M] -- C:\systemrettungsdisks
[2011.09.20 03:54:29 | 000,000,000 | ---D | M] -- C:\tmp
[2011.07.19 23:22:23 | 000,000,000 | ---D | M] -- C:\Ubisoft
[2012.05.31 01:43:17 | 000,000,000 | R--D | M] -- C:\Users
[2012.05.11 13:46:45 | 000,000,000 | ---D | M] -- C:\VueScan
[2012.07.20 23:45:07 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.20 05:36:21 | 000,000,000 | ---D | M] -- C:\xampp
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2012.02.15 00:36:34 | 000,004,608 | ---- | M] () MD5=181066E31AD20869CF049262A0DB0BC2 -- C:\Users\*****\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v049D98E1\Native\STUBEXE\@SYSTEM@\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2010.04.13 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 03:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %USERPROFILE%\*.* >
[2012.02.26 22:46:42 | 000,001,766 | ---- | M] () -- C:\Users\*****\.lmmsrc.xml
[2012.05.01 16:03:50 | 000,000,000 | ---- | M] () -- C:\Users\*****\assoc
[2012.07.21 00:28:27 | 011,796,480 | -HS- | M] () -- C:\Users\*****\ntuser.dat
[2012.07.21 00:28:27 | 000,262,144 | -HS- | M] () -- C:\Users\*****\ntuser.dat.LOG1
[2011.02.26 22:41:48 | 000,000,000 | -HS- | M] () -- C:\Users\*****\ntuser.dat.LOG2
[2011.02.26 23:06:58 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.02.26 23:06:58 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.02.26 23:06:58 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.02.11 05:22:54 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TM.blf
[2012.02.11 05:22:54 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TMContainer00000000000000000001.regtrans-ms
[2012.02.11 05:22:54 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{6a856607-5430-11e1-a969-1c7508345b36}.TMContainer00000000000000000002.regtrans-ms
[2012.01.28 22:35:29 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TM.blf
[2012.01.28 22:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TMContainer00000000000000000001.regtrans-ms
[2012.01.28 22:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{93499e4b-49e4-11e1-bfda-18f46a74b161}.TMContainer00000000000000000002.regtrans-ms
[2012.03.04 06:27:44 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TM.blf
[2012.03.04 06:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TMContainer00000000000000000001.regtrans-ms
[2012.03.04 06:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{f0116906-6571-11e1-b007-1c7508345b36}.TMContainer00000000000000000002.regtrans-ms
[2011.02.26 22:41:48 | 000,000,020 | -HS- | M] () -- C:\Users\*****\ntuser.ini
[2012.03.02 01:33:47 | 000,000,680 | RHS- | M] () -- C:\Users\*****\ntuser.pol
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
< End of report >
--- --- ---
die auswgewählten eintrage von malwarebytes habe ich mit einem neuen durchlauf gefixt. |
