blue7667 | 10.11.2012 02:14 | Hm, OTL.txt is created, see below.
extra.txt is missing, however; my selection "Extra Registry from SafeList" gets changed again by the quick scan ....
Sorry for the name change; unfortunately there is no other way at the moment.
OTL logfile:
OTL logfile created on: 10.11.2012 01:50:38 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\root\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,12% Memory free
7,90 Gb Paging File | 6,62 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): c:\pagefile.sys 3055 3055e:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 7,70 Gb Free Space | 6,61% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 82,00 Gb Free Space | 71,27% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\root\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Programme\Squeezebox\SqueezeTray.exe (SlimDevices - A Logitech Company)
PRC - C:\Programme\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\23fe5d76b9491fa255db2281ac7687d5\Service.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\b7b4505cb0a127c242f14d779e410e03\POSIX.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\20252d6e001ae3774b425e81ba09b666\Fcntl.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\6a834a555edd63cb8706466e7c1666f2\Hostname.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\f48694173221cfa9bad4275e2389b498\Win32.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\7020d50af327e3fc94b98242c307fc81\Cwd.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\855297e7b4b860331fdbdd53426f5e15\Dumper.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\2076671ee5d0a5323570c92c74abac6f\Process.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\86351894c58e4804ca004825fea78bbb\Encode.dll ()
MOD - C:\Users\root\AppData\Local\Temp\pdk-root-2924\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - c:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Programme\Common Files\Adobe\Shell\psicon.dll ()
========== Services (SafeList) ==========
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b5e8a4c.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (SqueezeMySQL) -- C:\Programme\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe ()
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe ()
SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (AV Watch Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe ()
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MAUSBTZ) -- system32\DRIVERS\mausbts.sys File not found
DRV - (MADFU006) -- SYSTEM32\DRIVERS\MADFU006.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV - (AVFSFilter) -- C:\Windows\System32\drivers\avfsfilter.sys ()
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (MADFUTRANSIT) -- C:\Windows\System32\drivers\MAudioTransit_DFU.sys (M-Audio)
DRV - (MAUSBTRANSIT) -- C:\Windows\System32\drivers\MAudioTransit.sys (Avid Technology, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{35BAA2DF-423D-4F27-B44A-D80F5981FCFF}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes,DefaultScope = {35BAA2DF-423D-4F27-B44A-D80F5981FCFF}
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{35BAA2DF-423D-4F27-B44A-D80F5981FCFF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\SearchScopes\{7E25F2EB-1E56-4460-8043-AECDA51F9E77}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=APN10023&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LL&apn_dtid=YYYYYYYYDE&apn_uid=6541506a-837e-4603-9771-09b5e9926f88&apn_sauid=292C1CD9-4044-4872-9AAE-F456B47A37CF
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
[2011.08.16 18:29:47 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchaudio.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-837539190-946308511-2959491753-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\ttemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-837539190-946308511-2959491753-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0472F0CA-6F36-44A9-BFBB-EFB5664E630F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E24FDE4E-5600-4E8B-938B-42DEC3A50CE8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\dssrequest - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\sacore - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled -
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DVSD - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.11.10 01:18:00 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\T-logs
[2012.11.09 22:52:57 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\root\Desktop\dds.com
[2012.11.09 00:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.09 00:36:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.09 00:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.07 00:08:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\root\Desktop\OTL.exe
[2012.11.06 22:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.11.06 22:52:12 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\NPE
[2012.11.06 00:16:56 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\DE-Cleaner powered by Kaspersky1
[2012.11.05 23:58:36 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Apple Computer
[2012.10.16 20:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.10 01:54:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63201445-96D7-497C-9030-2AEDEE9898A8}.job
[2012.11.10 01:13:07 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.10 01:13:07 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.10 01:13:07 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.10 01:13:07 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.10 01:12:21 | 000,001,833 | ---- | M] () -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.11.10 01:08:01 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 01:08:01 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 01:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.10 01:07:44 | 2134,896,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.10 00:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.09 22:53:01 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\root\Desktop\dds.com
[2012.11.09 22:35:47 | 000,541,569 | ---- | M] () -- C:\Users\root\Desktop\adwcleaner.exe
[2012.11.09 00:37:00 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.08 00:22:35 | 000,302,592 | ---- | M] () -- C:\Users\root\Desktop\uv0zgwrt.exe
[2012.11.08 00:03:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\root\Desktop\OTL.exe
[2012.11.07 23:41:14 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable
[2012.11.07 23:40:31 | 000,050,477 | ---- | M] () -- C:\Users\root\Desktop\Defogger.exe
[2012.11.06 20:58:17 | 000,001,855 | ---- | M] () -- C:\Users\root\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.11.06 20:58:17 | 000,001,784 | ---- | M] () -- C:\Users\root\Desktop\Avira DE-Cleaner.lnk
[2012.10.17 22:15:48 | 000,000,867 | ---- | M] () -- C:\Users\root\Desktop\Eusing Free Registry Cleaner.lnk
[2012.10.16 20:12:07 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.09 22:35:45 | 000,541,569 | ---- | C] () -- C:\Users\root\Desktop\adwcleaner.exe
[2012.11.09 00:37:00 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.08 23:06:51 | 2134,896,640 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.08 00:22:34 | 000,302,592 | ---- | C] () -- C:\Users\root\Desktop\uv0zgwrt.exe
[2012.11.07 23:41:14 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable
[2012.11.07 23:40:30 | 000,050,477 | ---- | C] () -- C:\Users\root\Desktop\Defogger.exe
[2012.10.16 20:12:07 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012.10.14 15:37:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.02.07 22:53:13 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2012.02.07 22:53:13 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2012.02.07 22:53:13 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2011.12.09 00:36:41 | 000,000,680 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat
[2011.10.19 20:10:12 | 000,000,092 | ---- | C] () -- C:\Users\root\AppData\Local\fusioncache.dat
[2011.08.31 20:43:22 | 000,013,076 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.08.17 17:08:35 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2011.08.17 15:18:24 | 004,022,504 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2011.08.17 15:18:24 | 000,017,944 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.05.20 22:15:25 | 000,000,144 | ---- | C] () -- C:\ProgramData\~44031736r
[2011.05.20 22:15:25 | 000,000,120 | ---- | C] () -- C:\ProgramData\~44031736
[2011.05.20 22:15:20 | 000,000,344 | ---- | C] () -- C:\ProgramData\44031736
[2011.03.20 18:46:56 | 000,000,039 | -H-- | C] () -- C:\Windows\System32\spfid.bin
[2011.03.20 18:46:56 | 000,000,039 | -H-- | C] () -- C:\Windows\spfid.bin
[2010.12.24 13:45:10 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys
[2010.06.20 17:46:41 | 000,000,008 | ---- | C] () -- C:\ProgramData\SDGLYBMPWPP.SYS
[2010.06.02 23:04:58 | 000,000,881 | ---- | C] () -- C:\Users\root\rescuepro34act.lic
[2010.06.02 23:04:58 | 000,000,051 | ---- | C] () -- C:\Users\root\rescuepro.properties
[2009.06.15 21:56:47 | 000,003,584 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.06.20 11:54:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dBpoweramp
[2011.09.13 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Downloaded Installations
[2008.07.26 19:14:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EPSON
[2011.01.19 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fighters
[2009.09.24 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Haufe
[2011.10.19 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imaxel
[2009.09.18 08:14:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware
[2012.02.13 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MusE
[2009.09.24 19:47:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\myphotobook
[2012.11.08 10:26:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF
[2010.09.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BonkEnc
[2011.11.22 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.06.25 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cuttermaran
[2011.08.17 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dBpoweramp
[2012.02.12 20:33:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011.08.17 12:52:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EAC
[2011.01.18 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fighters
[2009.02.01 23:46:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\foobar2000
[2011.06.29 18:25:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Gynayw
[2011.09.07 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Haufe
[2010.11.13 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HOLM Acoustics
[2011.10.19 20:11:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imaxel
[2011.11.22 19:33:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ImgBurn
[2009.09.17 21:52:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware
[2010.12.23 11:21:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAGIX
[2011.09.21 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF
[2011.10.29 21:43:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2008.08.31 10:58:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Smart Panel
[2009.02.25 22:52:24 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\TolvanData
[2011.11.22 22:44:21 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Toshiba
[2010.11.21 11:46:53 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Ulead Systems
[2012.02.12 20:33:23 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoft
[2012.02.12 20:33:14 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.16 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\EAC
[2011.01.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Fighters
[2011.09.07 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\FreePDF
[2011.10.19 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Imaxel
[2010.05.08 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Lexware
[2012.02.12 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MusE
[2011.10.16 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++
[2008.05.22 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Toshiba
[2012.11.09 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\ttemp\AppData\Roaming\Lexware
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.11.08 23:28:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.07.25 20:38:21 | 000,000,000 | -H-D | M] -- C:\AkAbak
[2008.02.18 15:42:38 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.08.04 22:28:26 | 000,000,000 | -H-D | M] -- C:\DVDWriter_Temp
[2011.09.07 21:43:26 | 000,000,000 | ---D | M] -- C:\FreePDF
[2008.02.18 16:10:59 | 000,000,000 | -H-D | M] -- C:\Intel
[2011.11.01 18:20:39 | 000,000,000 | ---D | M] -- C:\Octave
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.09 22:37:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.06 22:52:21 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.07.07 20:31:46 | 000,000,000 | -H-D | M] -- C:\PSFONTS
[2012.11.10 01:52:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.26 18:29:42 | 000,000,000 | ---D | M] -- C:\Terzio
[2008.05.22 12:02:40 | 000,000,000 | -H-D | M] -- C:\Toshiba
[2011.08.30 15:33:49 | 000,000,000 | ---D | M] -- C:\updates
[2012.11.08 23:26:06 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.06 22:56:22 | 000,000,000 | ---D | M] -- C:\Windows
< %SYSTEMDRIVE%\*.* >
[2012.11.09 22:37:18 | 000,007,380 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008.02.18 15:42:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012.11.10 01:07:44 | 2134,896,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.26 18:29:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.12.26 18:29:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.11.10 01:07:38 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys
[2008.02.18 16:22:22 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
[2008.02.22 16:15:58 | 000,000,229 | -H-- | M] () -- C:\SWSTAMP.TXT
[2008.02.22 10:15:13 | 000,025,976 | ---- | M] () -- C:\_wdsuef.dmp
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: PROGRAMFILES(X86)
< %systemroot%\*. /mp /s >
< %windir%\installer\*. /10 >
< %appdata%\*. >
[2011.08.16 21:58:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\AccurateRip
[2008.07.12 09:12:32 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Adobe
[2012.11.05 23:58:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Apple Computer
[2008.07.12 10:05:41 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\ArcSoft
[2011.10.11 09:29:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Avira
[2012.02.12 20:33:23 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoft
[2012.02.12 20:33:14 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.16 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\EAC
[2011.01.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Fighters
[2011.09.07 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\FreePDF
[2008.05.22 13:51:31 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Google
[2008.10.12 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Help
[2008.05.22 12:01:52 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Identities
[2011.10.19 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Imaxel
[2008.05.22 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\InstallShield
[2010.05.08 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Lexware
[2009.01.24 21:28:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Macromedia
[2011.05.20 23:50:35 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Media Center Programs
[2009.07.07 21:07:42 | 000,000,000 | --SD | M] -- C:\Users\root\AppData\Roaming\Microsoft
[2008.05.22 12:10:58 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Microsoft Web Folders
[2012.02.12 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MusE
[2011.10.16 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++
[2008.05.22 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Toshiba
< %appdata%\*.* >
[2011.08.17 17:08:49 | 000,000,600 | ---- | M] () -- C:\Users\root\AppData\Roaming\winscp.rnd
< %appdata%\*.exe /s >
[2009.09.17 21:29:38 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\root\AppData\Roaming\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe
< %localappdata%\*. >
[2011.10.01 11:22:28 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Adobe
[2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Anwendungsdaten
[2012.08.09 21:29:21 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Apple
[2011.10.19 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\ApplicationHistory
[2008.05.22 12:01:25 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\BVRP Software
[2012.04.09 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\furnplan
[2012.10.17 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Google
[2008.10.12 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Help
[2012.08.05 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Lexware
[2012.03.08 00:37:57 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Microsoft
[2012.02.12 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\MusE
[2012.11.06 23:00:24 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\NPE
[2011.01.18 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\PackageAware
[2011.10.01 11:08:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Secunia PSI
[2012.11.10 01:50:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Temp
[2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Temporary Internet Files
[2008.05.22 12:02:38 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\Toshiba
[2008.05.22 11:54:14 | 000,000,000 | -HSD | M] -- C:\Users\root\AppData\Local\Verlauf
[2009.07.07 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Local\VirtualStore
< %localappdata%\*.* >
[2011.12.09 00:36:41 | 000,000,680 | ---- | M] () -- C:\Users\root\AppData\Local\d3d9caps.dat
[2009.06.15 22:26:13 | 000,003,584 | ---- | M] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.19 20:10:12 | 000,000,092 | ---- | M] () -- C:\Users\root\AppData\Local\fusioncache.dat
[2010.05.08 13:17:46 | 000,073,680 | ---- | M] () -- C:\Users\root\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.10 00:35:59 | 003,894,551 | -H-- | M] () -- C:\Users\root\AppData\Local\IconCache.db
< %localappdata%\*.exe /s >
[2012.11.06 20:58:15 | 000,883,840 | ---- | M] () -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IG86M1V\Avira-DE-Cleaner[1].exe
[2012.10.17 22:15:29 | 000,979,058 | ---- | M] () -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRJQYYDC\EFRCSetup[1].exe
[2012.11.06 00:16:21 | 137,922,416 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLUGJRVG\setup_9.0.0.722_05.11.2012_06-07[1].exe
[2012.11.06 22:52:05 | 006,161,912 | ---- | M] (Symantec Corporation) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZGMUY86\de_cleaner[1].exe
[2012.11.06 00:16:22 | 137,922,416 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQ00LQJW\setup_9.0.0.722_05.11.2012_06-07[1].exe
[2009.10.25 20:29:22 | 000,006,656 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\cpufeature.exe
[2011.10.19 20:08:20 | 024,277,024 | ---- | M] (Microsoft) -- C:\Users\root\AppData\Local\Temp\dotnetfx.exe
[2010.07.27 23:17:00 | 002,820,608 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\root\AppData\Local\Temp\InstallAX.exe
[2012.10.17 22:14:21 | 004,031,184 | ---- | M] (Ask) -- C:\Users\root\AppData\Local\Temp\setup.exe
[2011.07.10 02:07:58 | 000,118,784 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\xmlUpdater.exe
[2007.04.05 14:39:32 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_is3F7.exe
[2008.01.22 17:04:28 | 000,455,976 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_isA929.exe
[2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\_isE021.exe
[55 C:\Users\root\AppData\Local\Temp\*.tmp files -> C:\Users\root\AppData\Local\Temp\*.tmp -> ]
[2011.09.19 17:38:26 | 001,207,296 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\GoogleEarth.exe
[2011.09.19 17:16:55 | 000,050,688 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
[2011.09.19 17:16:48 | 000,071,680 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
[2011.09.19 17:17:12 | 000,293,888 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
[2011.09.19 17:16:48 | 000,071,680 | ---- | M] (Google) -- C:\Users\root\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
[2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\DVDWriter\setup.exe
[1999.11.03 10:53:40 | 000,036,099 | ---- | M] (InstallShield Software Corporation) -- C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\IVI\Setup.exe
[2006.05.24 18:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\root\AppData\Local\Temp\{832939F9-7A9F-422E-A0A3-8D01971321AA}\{0A8073F2-31C6-413B-BC79-5808352D651A}\VRWriter\setup.exe
[2012.11.06 00:27:20 | 000,245,968 | ---- | M] (Ask) -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
[2012.11.06 00:27:20 | 000,176,128 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe
[2012.11.06 00:27:20 | 000,042,880 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
[2011.10.20 20:42:09 | 000,735,752 | ---- | M] (M-Audio, a division of Avid Corporation) -- C:\Users\root\AppData\Local\Temp\55c42e8b-6f7f-4342-b621-bb138d48a3c7\InstallShieldUninstaller.exe
[2011.12.05 14:51:00 | 000,466,272 | ---- | M] (D+H Software GmbH ) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\FurnplanSetup.exe
[2011.12.06 16:16:38 | 000,138,752 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\data\tools\Zip.exe
[2011.10.11 10:55:10 | 000,684,544 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\FP_Updater.exe
[2011.08.23 14:09:06 | 000,528,896 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\OpusUpdater.exe
[2011.08.30 12:08:36 | 000,222,208 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\Settings.exe
[2011.07.07 07:44:18 | 000,147,968 | ---- | M] (D+H Software GmbH) -- C:\Users\root\AppData\Local\Temp\7zS4194.tmp\setup\updater\data\Md5Creator.exe
[2011.10.21 22:24:04 | 000,735,752 | ---- | M] (M-Audio, a division of Avid Corporation) -- C:\Users\root\AppData\Local\Temp\d47fb7b9-2636-4475-b29c-269ca3f78357\InstallShieldUninstaller.exe
[2011.02.17 09:30:23 | 000,299,688 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\avwebloader.exe
[2011.02.25 14:51:51 | 000,059,560 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\DE-Cleaner-Install.exe
[2011.08.02 19:56:58 | 000,066,216 | ---- | M] () -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\Avira-DE-Cleaner-starten.exe
[2011.08.02 19:56:59 | 000,514,216 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe
[2011.08.02 19:57:02 | 001,962,152 | ---- | M] (Avira GmbH) -- C:\Users\root\AppData\Local\Temp\decleaner\decleaner\setup\decleaner.exe
[2010.11.16 18:08:40 | 000,098,304 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Temp\Imaxel\iDeskOrderImporter.exe
[2010.11.19 12:01:42 | 000,028,672 | ---- | M] (Imaxel Labs S.L) -- C:\Users\root\AppData\Local\Temp\Imaxel\ImaxelLauncher.exe
[2010.09.20 12:04:46 | 000,016,384 | ---- | M] ( ) -- C:\Users\root\AppData\Local\Temp\Imaxel\NTFSFP.exe
[2011.11.22 18:05:25 | 000,258,048 | ---- | M] (OCS) -- C:\Users\root\AppData\Local\Temp\OCS\ocs_v5c.exe
[2011.11.22 18:06:03 | 011,422,040 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\root\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\631a21e7e3ea4d60c27b0646a837ac79\FreeDiscBurner.exe
[2011.09.23 16:26:37 | 000,234,448 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Users\root\AppData\Local\Temp\RarSFX0\avwebloader.exe
< %allusersprofile%\*. >
[2012.09.23 21:29:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.08.09 21:29:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012.08.09 21:30:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.01.08 16:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2008.10.13 20:33:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\BTrieve
[2011.11.22 20:49:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2011.09.29 12:30:35 | 000,000,000 | -H-D | M] -- C:\ProgramData\clp
[2011.01.18 23:20:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Toolkit Suite
[2011.10.01 20:41:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink
[2012.08.05 18:28:08 | 000,000,000 | -H-D | M] -- C:\ProgramData\DATA BECKER
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.01.18 23:20:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Fighters
[2011.02.23 11:09:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\FreePDF
[2012.03.18 08:51:54 | 000,000,000 | ---D | M] -- C:\ProgramData\gema
[2012.10.17 22:16:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\Google
[2008.10.13 20:22:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\Haufe
[2012.08.17 19:14:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\HOLM Acoustics
[2011.10.19 22:08:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\hps
[2011.10.15 23:05:23 | 000,000,000 | ---D | M] -- C:\ProgramData\InguzEQ
[2012.11.07 07:39:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab
[2010.11.30 19:24:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\Lexware
[2008.02.18 16:59:57 | 000,000,000 | -H-D | M] -- C:\ProgramData\MAGIX
[2009.07.07 20:33:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\MakeMusic
[2011.05.20 23:50:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2011.10.11 19:23:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\McAfee
[2011.08.30 22:03:44 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2011.09.13 14:25:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2012.11.06 22:52:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2008.06.27 23:30:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\Panasonic
[2011.09.03 22:09:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Squeezebox
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.10.01 10:38:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2011.08.15 10:39:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Synology
[2010.10.06 20:05:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\TEMP
[2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.10.23 20:35:58 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2008.02.22 10:17:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\TOSHIBA
[2008.05.22 11:54:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\ToshibaEurope
[2008.07.12 09:55:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\UDL
[2008.02.18 16:43:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\Ulead Systems
[2008.05.22 11:50:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.05.21 00:57:05 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012.11.03 21:13:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\WinZip
[2012.08.09 21:32:22 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.01.18 23:21:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}
< %allusersprofile%\*.* >
[2011.05.20 22:15:20 | 000,000,344 | ---- | M] () -- C:\ProgramData\44031736
[2010.06.20 17:46:46 | 000,000,008 | ---- | M] () -- C:\ProgramData\SDGLYBMPWPP.SYS
[2011.05.20 22:15:25 | 000,000,120 | ---- | M] () -- C:\ProgramData\~44031736
[2011.05.20 22:15:25 | 000,000,144 | ---- | M] () -- C:\ProgramData\~44031736r
< %allusersprofile%\*.exe /s >
[2009.02.04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010.12.24 14:02:16 | 003,129,968 | ---- | M] (SPAMfighter ApS ) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\SPYWAREfighter.exe
[2010.12.24 14:01:26 | 000,706,696 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\1B2BFE9\40374F81\FighterLauncher.exe
[2010.12.24 14:01:21 | 000,983,688 | ---- | M] (SPAMfighter) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\6ED4E8D4\18732F2A\swproTray.exe
[2010.12.24 13:45:07 | 000,093,328 | ---- | M] (Preventon Technologies Limited) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\79D5CCD5\CB4D3653\AVWatchService.exe
[2010.12.24 14:01:30 | 000,993,928 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\7B4591B7\40374F81\MsgSys.exe
[2010.12.24 13:45:07 | 000,797,848 | ---- | M] (Preventon Technologies Limited) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\B510A09A\CB4D3653\AVScanningService.exe
[2010.12.24 14:01:28 | 001,141,896 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\DB5AB443\40374F81\FighterSuiteService.exe
[2012.06.07 22:19:04 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.6.3.25\SetupAdmin.exe
[2012.09.10 22:10:19 | 000,613,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2012.05.15 20:31:29 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2011.07.05 23:46:52 | 006,522,744 | ---- | M] (SPAMfighter ApS) -- C:\ProgramData\Fighters\SPYWAREfighter\setup.exe
[2012.10.17 22:14:23 | 000,530,464 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.10.19 10:10:56 | 001,562,136 | ---- | M] () -- C:\ProgramData\hps\1320\setup_dm_Fotowelt.exe
[2008.01.21 14:28:50 | 009,660,432 | -H-- | M] () -- C:\ProgramData\Lexware\Update Manager\Konfiguration\DATABECKER\AKT3B\setup.exe
[2008.02.07 19:51:46 | 000,078,568 | ---- | M] (MakeMusic) -- C:\ProgramData\MakeMusic\UninstallSmartMusic10.exe
[2012.10.21 20:16:55 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2008.09.08 09:38:38 | 000,069,632 | ---- | M] () -- C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\WaveInput\Bin\wavin2cmd.exe
[2011.09.03 22:11:11 | 050,667,105 | ---- | M] (Logitech ) -- C:\ProgramData\Squeezebox\Cache\updates\SqueezeboxServer-7.6.1.exe
[2011.10.01 20:40:43 | 000,053,319 | ---- | M] ( ) -- C:\ProgramData\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83
< End of report >
[/CODE]