Trojaner-Board


Anubis2019 25.12.2011 03:55

BKA/Ukash trojan/virus and its consequences
 
Hello,

about two hours ago I caught the annoying BKA trojan. With the help of Safe Mode and by deleting a cryptic *.exe in my user folder, I was able to start my system normally again.

Even though everything seems normal again now, that does not, as we know, mean that everything is actually back to its normal state. So I would like to hear your advice on which further steps I need to take to get rid of the nuisance with 99.9% certainty and to prevent it and its friends from getting onto my system again.

OTL.txt was too large, so I packed it into the archive.

Thank you very much for your help

kira 25.12.2011 03:59

Hello and welcome! :)

Before we begin working together, [please read in full]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for the resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files used (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong, it can really become dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

I have two suggestions:

1.
If you think you know the point in time when your system was still working properly, System Restore is worth a try!:

- There is a "relatively simple way" when there is a fresh infection, one that sometimes also solves certain problems, which you should try right away. It gives you the option of undoing system changes on the computer without affecting personal files such as e-mails, documents or photos.
Quote:

-> System Restore
► Please select the oldest available date for restoring Windows on which your computer was still working properly!
  • You must log in as administrator or as a user with administrator rights.
  • System Restore can be opened under Windows Vista/XP/7 as follows:
  • Start → All Programs → Accessories → System Tools → System Restore
-> A step-by-step guide to using System Restore under Windows XP
-> System Restore under Windows Vista
-> Under Win 7
If necessary, you can also do this in Safe Mode - (please be sure to click & read the link!)
System Restore is only a "stopgap"; it never eliminates the problem 100%, since the point in time at which the trojan got in can no longer be determined. But it can improve the functionality of a computer system.
(You can still undo it back to the present point in time if it does not deliver the desired result)

Also let me know whether System Restore worked, i.e. whether you were able to reset the system to an earlier restore point.

2.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Perform full scan" (tick everything)
  • when the scan has finished, click "Show Results"
  • Select all findings (if MBAM reports any in C:\System Volume Information, please remove the tick there) and click "Delete" ("Remove Selected").
  • Post the result here in the thread - you will find the report under "Scan Reports"
You can find an illustrated guide here: Guide

3.
System scan with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.

    http://image.hijackthis.eu/upload/otl_screen_neu.jpg
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → Language → select German
then click "Tools" (to display the installed programs) → then "Save to text file..."
a text file (*.txt) is created; copy its contents and paste them here

Quote:

To keep your thread clearer and nicely readable, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes in here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet, no online banking, file sharing, chat programs, etc.
regards
kira
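
An added example, not part of the thread and not OTL's own code: a small Python triage pass over the OTL Standard Output log requested in step 3. The sample lines are constructed, and the function names and the three heuristics (missing company name, path under a user profile or Temp folder, modified shortly before the scan) are assumptions of this example; they give a human reviewer hints, not verdicts.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in OTL's Standard Output line format (not from a real system).
SAMPLE_LOG = r"""
OTL logfile created on: 25.12.2011 14:34:52 - Run 2
PRC - [2011.12.25 01:50:12 | 000,061,440 | ---- | M] () -- C:\Users\Example\AppData\Roaming\qx7f3a.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Example AV GmbH) -- C:\Program Files (x86)\ExampleAV\guard.exe
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (Example Corp (R) Tools) [Auto | Running] -- C:\Windows\SysWOW64\exsvc.exe -- (ExampleSvc)
DRV:64bit: - [2011.12.24 23:10:00 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\exdrv64.sys -- (exdrv64)
"""

# Header timestamp; assumes the dd.MM.yyyy date format of a German-locale log.
HEADER_RE = re.compile(
    r"^OTL logfile created on: (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})")

# One PRC/MOD/SRV/DRV entry. The company field may itself contain
# parentheses, so it is matched lazily up to the ") ... -- " separator.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]+) \| M\] "
    r"\((?P<company>.*?)\)\s+(?:\[(?P<state>[^\]]*)\]\s+)?-- "
    r"(?P<path>.+?)(?:\s+--\s+\((?P<name>.*?)\)(?:\s.*)?)?$")

# Locations an unprivileged user (and malware running as that user) can write to.
USER_PATH_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\|\\Temp\\", re.I)


def parse_otl(text):
    """Return (scan_time, entries) parsed from an OTL.txt body."""
    created, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            created = datetime.strptime(header.group(1), "%d.%m.%Y %H:%M:%S")
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue  # section titles, registry lines, blanks
        entry = match.groupdict()
        entry["company"] = entry["company"].strip()
        entry["mtime"] = datetime.strptime(entry["mtime"], "%Y.%m.%d %H:%M:%S")
        entry["size"] = int(entry["size"].replace(",", ""))
        entries.append(entry)
    return created, entries


def triage(text, recent_days=3, min_reasons=2):
    """List (kind, path, reasons) for entries that match several heuristics."""
    created, entries = parse_otl(text)
    findings = []
    for entry in entries:
        reasons = []
        if not entry["company"]:
            reasons.append("no-company-name")
        if USER_PATH_RE.search(entry["path"]):
            reasons.append("user-writable-path")
        if created is not None:
            age = created - entry["mtime"]
            if timedelta(0) <= age <= timedelta(days=recent_days):
                reasons.append("recently-modified")
        if len(reasons) >= min_reasons:
            findings.append((entry["kind"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind}  {path}  <- {', '.join(reasons)}")
```

Legitimate software also trips single heuristics (many bundled DLLs carry no company name, and per-user installers live under the profile), which is why the example only reports entries that match at least two.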

Anubis2019 25.12.2011 17:48

OTL.txt
OTL Logfile:
OTL EXTRAS Logfile:
Code:

OTL logfile created on: 25.12.2011 14:34:52 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 38,12% Memory free
7,99 Gb Paging File | 5,30 Gb Available in Paging File | 66,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,00 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,79 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 753,60 Gb Free Space | 80,90% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 637,24 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.23 03:42:24 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.12.23 03:42:14 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.09 16:29:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.10.30 15:11:27 | 000,490,448 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avscan.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.11 13:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2011.08.31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.03 10:17:40 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Spiele\Steam\Steam.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.13 16:57:48 | 000,071,680 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011.12.08 22:21:03 | 014,410,024 | ---- | M] () -- D:\Spiele\Steam\bin\libcef.dll
MOD - [2011.12.08 22:21:01 | 000,194,344 | ---- | M] () -- D:\Spiele\Steam\bin\chromehtml.dll
MOD - [2011.12.08 22:20:59 | 000,091,432 | ---- | M] () -- D:\Spiele\Steam\bin\avutil-50.dll
MOD - [2011.12.08 22:20:57 | 000,155,432 | ---- | M] () -- D:\Spiele\Steam\bin\avformat-52.dll
MOD - [2011.12.08 22:20:55 | 000,914,216 | ---- | M] () -- D:\Spiele\Steam\bin\avcodec-52.dll
MOD - [2011.11.09 16:29:12 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\program files (x86)\avira\antivir desktop\sqlite3.dll
MOD - [2011.03.01 14:08:25 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.23 03:42:32 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 16:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.31 11:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.18 14:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.11.09 16:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 16:29:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for IE\FSAddin-0.92.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [Update] C:\Users\Andreas\AppData\Roaming\0.9445476154460077.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:01:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:45:05 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Spyware Terminator
[2011.12.25 02:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.12.25 02:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2011.12.25 02:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com                                                ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.25 14:11:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:01:08 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 11:58:30 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.25 11:58:30 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.25 11:56:37 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.25 11:56:37 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.25 11:56:37 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.25 11:56:37 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.25 11:56:37 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.25 11:51:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.25 11:51:16 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 04:09:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:45:04 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com                                                ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.21 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:04 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2010.12.08 11:10:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2011.12.25 11:55:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.12.25 02:45:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Spyware Terminator
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.11.20 18:55:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

[/Code]

Extra.txt
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 25.12.2011 14:34:52 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 38,12% Memory free
7,99 Gb Paging File | 5,30 Gb Available in Paging File | 66,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,00 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,79 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 753,60 Gb Free Space | 80,90% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 637,24 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{1DD03A94-C815-46EF-A43A-B36694002A7C}" = TortoiseSVN 1.6.16.21511 (64 bit)
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{29421E62-F88F-45F1-8686-8EAE6748AE59}" = Turbo Squid Tentacles 3ds Max 2009 64-bit
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60A95961-E9F4-17C6-2A91-578C34ED9A0C}" = ATI Catalyst Install Manager
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit)
"{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64
"{723C8298-C7B0-0407-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - German
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - deu
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Autodesk 3ds Max 2012 64-bit - German" = Autodesk 3ds Max 2012 64-bit - German
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"GPL Ghostscript 9.02" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{105E14C1-C2C6-486F-81B0-3217DFDA1086}" = QAliber VS 2008 Plugin
"{11477E2B-84F7-4ED6-AA41-BFEEE3925A02}" = NVIDIA Developer Tools Software Activation
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{14469957-C777-49D6-B937-69F31F756A66}" = ScanSnap
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D33BBA9-75E5-7B82-9776-277DEA2C4BA2}" = Catalyst Control Center Graphics Previews Vista
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7
"{20D197D0-8E7B-42A5-B58E-8E510350F352}" = QAliber Test Builder
"{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A880920-8CCB-4847-A1BD-A97644FD18B3}_is1" = QAliber Test Suite 1.0
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3F0BBF8C-9BAF-5F16-A2BF-B513D528F1B9}" = Catalyst Control Center Graphics Previews Common
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000038201}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5FFEC1CA-DD48-43C4-8BA1-01A82B2C8837}" = QIP 2010 4444 Jeak-Edition
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.19b, 2010.01.31
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6B6383FE-C0CE-479A-BDDF-BD34579B676A}" = NVIDIA FX Composer 2.5
"{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7C3228AC-BDE5-448E-8C01-E39BB0782DE8}" = Motorola Software Update
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84F3557A-A7F2-47D7-9242-5DC623261213}" = ScanSnap Organizer
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{990DB057-BB98-4FD8-8442-ACFCB0DB5CAF}" = GLEE
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A0855EE1-F653-3A5A-C7AF-D6CC3BF7A506}" = Catalyst Control Center InstallProxy
"{A0D2B948-BB85-589F-D283-2145A54BB11B}" = CCC Help English
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4552068-73FD-406A-816B-2196F4DFCF75}" = NVIDIA FX Composer 2.5 Shader Debugger plugin
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C08DB64D-E569-41A8-8405-5B6F53FCA7C2}" = Microsoft Visual Studio 2008 SDK 1.1
"{C10AD9B6-5039-473C-9C0A-E2A7D50C159C}" = OMEGA Process Modeller
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E64B588A-56D5-4061-A9E1-1C388C34B763}" = QAliber Agent
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}" = Die Siedler 2 - Die nächste Generation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B32144-0618-495B-8BA3-8A5B8037F72F}" = mental mill (R) Artist Edition
"{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Alf-BanCo4_is1" = ALF-BanCo 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Cg Toolkit_is1" = NVIDIA Cg Toolkit 3.0 February 2011
"CMake" = CMake 2.8, a cross-platform, open-source build system
"CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DiskSpeed32" = DiskSpeed32
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 5.3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FlashGet" = FlashGet 1.9.6.1073
"Foxit Reader" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"ggobi" = GGobi Interactive Graphics Platform
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"Handbrake" = Handbrake 0.9.4
"InstallShield_{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"RevengeOfTheTitansHIB" = Revenge of the Titans HIB (remove only)
"Shader Designer_is1" = Shader Designer 1.5.9.4
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 102600" = Orcs Must Die!
"Steam App 10680" = Aliens vs. Predator
"Steam App 12500" = Puzzle Quest
"Steam App 22000" = World of Goo
"Steam App 22180" = Penumbra: Overture
"Steam App 34010" = Alpha Protocol
"Steam App 37420" = Ben There, Dan That!
"Steam App 400" = Portal
"Steam App 41210" = Eufloria
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 6200" = Ghost Master
"Steam App 630" = Alien Swarm
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 80200" = Fate of the World
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 99700" = NightSky
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tunatic" = Tunatic
"Tunngle beta_is1" = Tunngle beta
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 4.0.144.38
"WinPcapInst" = WinPcap 4.1.1
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Dropbox" = Dropbox
"FXAA Post Process Injector" = FXAA Post Process Injector
"Google Chrome" = Google Chrome
"ShadowMapping" = ShadowMapping
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

[/Code]

Anubis2019 25.12.2011 17:51

protection log
Code:

12:01:18        Andreas        MESSAGE        Protection started successfully
12:01:22        Andreas        MESSAGE        IP Protection started successfully
12:02:17        Andreas        ERROR        Scheduled update failed:  I/O error failed with error code 2
12:15:30        Andreas        IP-BLOCK        58.241.216.207 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:34:02        Andreas        IP-BLOCK        212.113.33.142 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:34:28        Andreas        IP-BLOCK        62.45.221.68 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:42:37        Andreas        IP-BLOCK        58.241.21.226 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:43:41        Andreas        IP-BLOCK        212.117.179.52 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:45:09        Andreas        IP-BLOCK        58.241.40.75 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:58:55        Andreas        IP-BLOCK        188.130.176.7 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:05:38        Andreas        IP-BLOCK        62.45.232.153 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:28:20        Andreas        IP-BLOCK        218.9.208.142 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:30:44        Andreas        IP-BLOCK        89.28.116.78 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:33:44        Andreas        IP-BLOCK        58.240.104.30 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:35:52        Andreas        IP-BLOCK        62.45.221.68 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:42:56        Andreas        IP-BLOCK        222.65.255.111 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:46:41        Andreas        IP-BLOCK        218.8.173.89 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:00:57        Andreas        IP-BLOCK        222.70.128.131 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:01:21        Andreas        IP-BLOCK        79.135.150.182 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:05:21        Andreas        IP-BLOCK        212.117.163.239 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:15:38        Andreas        IP-BLOCK        212.117.179.52 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:16:10        Andreas        IP-BLOCK        98.142.246.148 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:16:42        Andreas        IP-BLOCK        58.241.40.75 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:19:14        Andreas        IP-BLOCK        91.218.38.214 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:28:35        Andreas        IP-BLOCK        83.243.13.40 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:28:43        Andreas        IP-BLOCK        89.28.100.109 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:30:59        Andreas        IP-BLOCK        79.135.150.182 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:31:55        Andreas        IP-BLOCK        58.241.40.75 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:33:47        Andreas        IP-BLOCK        218.9.172.13 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:35:23        Andreas        IP-BLOCK        58.241.86.78 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:44:51        Andreas        IP-BLOCK        212.117.179.52 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:47:08        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:59:16        Andreas        IP-BLOCK        91.203.147.75 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:01:32        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:16:45        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:19:17        Andreas        IP-BLOCK        58.240.184.206 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:19:49        Andreas        IP-BLOCK        58.240.184.206 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:20:45        Andreas        IP-BLOCK        62.45.221.68 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:32:46        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:45:34        Andreas        IP-BLOCK        218.9.123.149 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:45:58        Andreas        IP-BLOCK        212.113.33.227 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:47:10        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:47:58        Andreas        IP-BLOCK        89.28.41.79 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:02:31        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:06:40        Andreas        IP-BLOCK        58.240.194.188 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:08:32        Andreas        IP-BLOCK        89.28.123.215 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:13:52        Andreas        IP-BLOCK        91.188.50.210 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:15:04        Andreas        IP-BLOCK        58.241.227.13 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:17:45        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:18:41        Andreas        IP-BLOCK        121.125.68.226 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:24:02        Andreas        IP-BLOCK        89.28.123.215 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:32:18        Andreas        IP-BLOCK        91.188.37.145 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:32:42        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:35:07        Andreas        IP-BLOCK        58.240.104.30 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:36:35        Andreas        IP-BLOCK        219.152.77.140 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:45:31        Andreas        IP-BLOCK        58.241.227.13 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:49:39        Andreas        IP-BLOCK        218.9.172.13 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:01:16        Andreas        IP-BLOCK        212.117.167.212 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:02:36        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:07:00        Andreas        IP-BLOCK        62.45.232.153 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:16:53        Andreas        IP-BLOCK        109.95.112.240 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:18:13        Andreas        IP-BLOCK        85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:18:37        Andreas        IP-BLOCK        124.217.231.117 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:18:45        Andreas        IP-BLOCK        91.215.156.70 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:33:26        Andreas        IP-BLOCK        58.241.141.70 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:45:18        Andreas        IP-BLOCK        121.10.137.43 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:48:55        Andreas        IP-BLOCK        58.240.184.10 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:50:23        Andreas        IP-BLOCK        212.113.33.142 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)

mbam log
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122501

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.12.2011 13:41:07
mbam-log-2011-12-25 (13-41-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|)
Durchsuchte Objekte: 790439
Laufzeit: 1 Stunde(n), 39 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

CCleaner
Code:

@BIOS        GIGABYTE        04.12.2010                2.08
Adobe Flash Player 10 ActiveX 64-bit        Adobe Systems Incorporated        14.05.2011        6,00MB        10.3.162.28
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        28.02.2011        6,00MB        10.2.152.32
Adobe Flash Player 9 ActiveX        Adobe Systems Incorporated        15.04.2011                9
Adobe Reader X (10.1.1) - Deutsch        Adobe Systems Incorporated        30.10.2011        119,2MB        10.1.1
Adobe SVG Viewer 3.0                31.10.2011                3.0
Advanced Archive Password Recovery        ElcomSoft Co. Ltd.        14.01.2011                4.53
ALF-BanCo 4        ALF AG        12.12.2010        48,7MB       
Alien Swarm        Valve        10.12.2010               
Aliens vs. Predator        Rebellion        12.12.2010               
Alpha Protocol        Obsidian Entertainment        21.08.2011               
ATI Catalyst Install Manager        ATI Technologies, Inc.        04.12.2010        22,4MB        3.0.795.0
Autodesk 3ds Max 2012 64-bit - German        Autodesk        02.05.2011                14.0
Autodesk Backburner 2012.0.0        Autodesk, Inc.        02.05.2011        13,0MB        2012.0.0
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit        Autodesk        02.05.2011               
Autodesk Material Library 2012        Autodesk        02.05.2011        97,9MB        2.5.0.8
Autodesk Material Library Base Resolution Image Library 2012        Autodesk        02.05.2011        71,4MB        2.5.0.8
Autodesk Material Library Medium Resolution Image Library 2012        Autodesk        02.05.2011        740MB        2.5.0.8
Avira Free Antivirus        Avira        21.12.2011        104,8MB        12.0.0.872
AviSynth 2.5                21.12.2010               
Ben There, Dan That!        Zombie Cow        12.11.2011               
Bulletstorm        EA        08.05.2011                1.0.0000.130
CCleaner        Piriform        24.12.2011                3.14
CDBurnerXP        CDBurnerXP        07.12.2010        11,2MB        4.3.8.2474
Cherry Smart Device Package V1.10 Build 4        ZF Electronics GmbH        12.12.2010        11,3MB        1.10.0.4
CMake 2.8, a cross-platform, open-source build system        Kitware        21.02.2011                2.8.4
Composite 2012 64-bit        Autodesk        02.05.2011        387MB        7.0.0
Counter-Strike        Valve        05.12.2010               
Crysis® 2        Electronic Arts        06.06.2011        3.661MB        1.0.0.0
Crystal Reports Basic for Visual Studio 2008        Business Objects        06.10.2011        173,2MB        10.5.0.0
Crystal Reports Basic German Language Pack for Visual Studio 2008        Business Objects        06.10.2011        19,1MB        10.5.0.0
Crystal Reports Basic Runtime for Visual Studio 2008 (x64)        Business Objects        06.10.2011        64,6MB        10.5.0.0
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)        Business Objects        06.10.2011        2,51MB        10.5.0.0
Die Siedler 2 - Die nächste Generation        UBISOFT        01.10.2011                1.00.0000
DiskSpeed32                10.05.2011                3, 0, 0, 5
Dropbox        Dropbox, Inc.        15.12.2011                1.2.49
Easy Tune 6 B10.0516.1        GIGABYTE        04.12.2010        26,5MB        1.00.0000
Eufloria                09.01.2011               
FastStone Capture 5.3        FastStone Soft        10.05.2011                5.3
Fate of the World                10.11.2011               
ffdshow [rev 2527] [2008-12-19]                09.12.2010                1.0
FlashGet 1.9.6.1073        hxxp://www.FlashGet.com        09.12.2010                1.9.6.1073
Foxit Reader        Foxit Corporation        11.12.2010        11,1MB        4.3.0.1110
Free YouTube to MP3 Converter version 3.10.7.804        DVDVideoSoft Limited.        12.08.2011        45,3MB       
FXAA Post Process Injector                03.12.2011               
GGobi Interactive Graphics Platform                05.03.2011               
Ghost Master        Empire Interactive        12.11.2011               
Gigabyte Raid Configurer        GIGABYTE Technologies, Inc.        04.12.2010                1.00.0001
GLEE        Microsoft Research        07.10.2011        6,18MB        1.0.000
GmoteServer        Gmote.org        04.12.2011                2.0.2
Google Chrome        Google Inc.        09.08.2011                16.0.912.63
GPL Ghostscript        Artifex Software Inc.        22.04.2011                9.02
GSview 4.9                22.04.2011               
Gtk+ Runtime Environment 2.12.9-2                05.03.2011                2.12.9-2
Handbrake 0.9.4                21.12.2010                0.9.4
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät        Hewlett-Packard Co.        21.12.2011        180,5MB        22.50.231.0
HP Officejet Pro 8500 A910 Hilfe        Hewlett Packard        21.12.2011        24,2MB        140.0.2.2
I.R.I.S. OCR        HP        21.12.2011        69,0MB        12.3.4.0
Java(TM) 6 Update 20        Sun Microsystems, Inc.        06.01.2011        97,2MB        6.0.200
Java(TM) 6 Update 24        Oracle        12.12.2010        95,0MB        6.0.240
Java(TM) 6 Update 24 (64-bit)        Oracle        06.03.2011        90,8MB        6.0.240
Java(TM) SE Development Kit 6 Update 24        Oracle        06.04.2011        127,9MB        1.6.0.240
Java(TM) SE Development Kit 6 Update 24 (64-bit)        Oracle        06.03.2011        146,0MB        1.6.0.240
Java-Editor 9.19b, 2010.01.31        Gerhard Röhner        06.03.2011        8,28MB       
JDownloader        AppWork UG (haftungsbeschränkt)        12.12.2010               
JDownloader 0.9        AppWork GmbH        21.05.2011                0.9
Logitech Harmony Remote Software        Logitech        18.03.2011                0.6.0201
Logitech Harmony Remote Software 7        Logitech        21.03.2011                7.7.0.0
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        24.12.2011        13,8MB        1.51.2.1300
mental mill (R) Artist Edition        mental images GmbH        07.05.2011        132,0MB        1.0
Microsoft .NET Compact Framework 2.0 SP2        Microsoft Corporation        06.10.2011        93,2MB        2.0.7045
Microsoft .NET Compact Framework 3.5        Microsoft Corporation        06.10.2011        81,5MB        3.5.7283
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        06.12.2010        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        21.02.2011        2,94MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        21.02.2011        52,0MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        21.02.2011        10,7MB        4.0.30319
Microsoft ASP.NET MVC 2 - DEU        Microsoft Corporation        21.02.2011        25,00KB        2.0.50331.0
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU        Microsoft Corporation        21.02.2011        2,07MB        2.0.50331.0
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU        Microsoft Corporation        06.10.2011        2,33MB        9.0.21022
Microsoft DirectX SDK (June 2010)        Microsoft Corporation        07.10.2011                9.29.1962.0
Microsoft Document Explorer 2008        Microsoft Corporation        06.10.2011               
Microsoft Document Explorer 2008 Language Pack - DEU        Microsoft Corporation        06.10.2011               
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        09.05.2011        31,3MB        3.5.88.0
Microsoft Games for Windows Marketplace        Microsoft Corporation        09.05.2011        6,04MB        3.5.50.0
Microsoft Help Viewer 1.0 Language Pack - DEU        Microsoft Corporation        21.02.2011        1,95MB        1.0.30319
Microsoft Office Enterprise 2007        Microsoft Corporation        09.05.2011                12.0.6425.1000
Microsoft Silverlight        Microsoft Corporation        13.10.2011        145,8MB        4.0.60831.0
Microsoft Silverlight 3 SDK - Deutsch        Microsoft Corporation        21.02.2011        32,8MB        3.0.40818.0
Microsoft Silverlight 4 SDK - Deutsch        Microsoft Corporation        06.10.2011        52,4MB        4.0.50826.0
Microsoft SQL Server 2005        Microsoft Corporation        06.10.2011               
Microsoft SQL Server 2008 R2 Data-Tier Application Project        Microsoft Corporation        21.02.2011        14,1MB        10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects        Microsoft Corporation        21.02.2011        17,2MB        10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects (x64)        Microsoft Corporation        21.02.2011        10,4MB        10.50.1447.4
Microsoft SQL Server 2008 R2 Transact-SQL Language Service        Microsoft Corporation        21.02.2011        5,41MB        10.50.1447.4
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework        Microsoft Corporation        21.02.2011        0,37MB        10.50.1447.4
Microsoft SQL Server Compact 3.5 for Devices DEU        Microsoft Corporation        06.10.2011        46,5MB        3.5.5386.0
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)        Microsoft Corporation        07.10.2011        9,09MB        3.5.5692.0
Microsoft SQL Server Compact 3.5 SP2 DEU        Microsoft Corporation        21.02.2011        3,69MB        3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 DEU        Microsoft Corporation        21.02.2011        4,81MB        3.5.8080.0
Microsoft SQL Server Database Publishing Wizard 1.3        Microsoft Corporation        07.10.2011        10,4MB        10.0.1600.22
Microsoft SQL Server Native Client        Microsoft Corporation        07.10.2011        5,89MB        9.00.5000.00
Microsoft SQL Server System CLR Types        Microsoft Corporation        21.02.2011        2,55MB        10.50.1447.4
Microsoft SQL Server System CLR Types (x64)        Microsoft Corporation        21.02.2011        0,81MB        10.50.1447.4
Microsoft SQL Server VSS Writer        Microsoft Corporation        07.10.2011        1,12MB        9.00.5000.00
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de        Microsoft Corporation        21.02.2011        1,04MB        1.0.3010.0
Microsoft Sync Framework SDK v1.0 SP1 de        Microsoft Corporation        21.02.2011        30,0MB        1.0.3010.0
Microsoft Sync Framework Services v1.0 SP1 (x64) de        Microsoft Corporation        21.02.2011        2,89MB        1.0.3010.0
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de        Microsoft Corporation        21.02.2011        0,58MB        2.0.3010.0
Microsoft Team Foundation Server 2010-Objektmodell - DEU        Microsoft Corporation        06.10.2011                10.0.30319
Microsoft Visio Professional 2010        Microsoft Corporation        10.11.2011                14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        07.10.2011        0,29MB        8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        07.10.2011        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        07.10.2011        1,41MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        07.10.2011        0,57MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        07.10.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        14.10.2011        13,7MB        10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        24.10.2011        12,3MB        10.0.40219
Microsoft Visual F# 2.0 Runtime        Microsoft Corporation        21.02.2011        5,82MB        10.0.30319
Microsoft Visual F# 2.0 Runtime Language Pack - DEU        Microsoft Corporation        21.02.2011        1,30MB        10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack        Microsoft Corporation        07.10.2011               
Microsoft Visual Studio 2008 Professional Edition - DEU        Microsoft Corporation        07.10.2011               
Microsoft Visual Studio 2008 Remote Debugger - DEU        Microsoft Corporation        07.10.2011               
Microsoft Visual Studio 2008 SDK 1.1        Microsoft Corporation        07.10.2011        418MB        9.0.30820
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)        Microsoft Corporation        21.02.2011                10.0.30319
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU        Microsoft Corporation        21.02.2011                10.0.30319
Microsoft Visual Studio Web Authoring Component        Microsoft Corporation        07.10.2011                12.0.4518.1066
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - deu        Microsoft Corporation        07.10.2011        44,1MB        3.5.21022
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries        Microsoft Corporation        07.10.2011        115,0MB        6.1.5288.17011
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense        Microsoft Corporation        07.10.2011        6,65MB        6.1.5288.17011
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools        Microsoft Corporation        07.10.2011        15,6MB        6.1.5294.17011
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools        Microsoft Corporation        07.10.2011        20,1MB        6.1.5294.17011
Microsoft WSE 3.0 Runtime        Microsoft Corp.        15.04.2011        0,92MB        3.0.5305.0
Microsoft Xbox 360 Accessories 1.2        Microsoft        16.12.2010        7,79MB        1.20.146.0
Motorola Software Update        Motorola        19.03.2011        59,7MB        01.16.08
Mozilla Firefox 8.0 (x86 de)        Mozilla        08.11.2011        35,6MB        8.0
Mozilla Thunderbird (8.0)        Mozilla        09.11.2011                8.0 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        20.03.2011        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        20.03.2011        1,33MB        4.20.9876.0
NEC Electronics USB 3.0 Host Controller Driver        NEC Electronics Corporation        04.12.2010        0,97MB        1.0.18.0
Nexus Mod Manager        Black Tree Gaming        17.12.2011        7,22MB        0.12.18
NightSky                10.11.2011               
NVIDIA Cg Toolkit 3.0 February 2011        NVIDIA Corporation        07.05.2011        88,6MB       
NVIDIA Developer Tools Software Activation                07.05.2011                1.0
NVIDIA FX Composer 2.5                07.05.2011                2.5
NVIDIA FX Composer 2.5 Shader Debugger plugin                07.05.2011                1.00.000
NVIDIA PhysX        NVIDIA Corporation        22.10.2011        78,9MB        9.10.0513
OMEGA Process Modeller        UNITY        10.11.2011        21,3MB        3.2.0
OpenAL                07.08.2011               
OpenOffice.org 3.2        OpenOffice.org        06.01.2011        364MB        3.2.9502
Orcs Must Die!                23.11.2011               
PDFCreator        Frank Heindörfer, Philip Chinery        17.04.2011                1.2.0
Penumbra: Overture        Frictional Games        21.12.2010               
Portal        Valve        05.05.2011               
Pro Evolution Soccer 2011        KONAMI        16.12.2010        1.637MB        1.00.0000
Pro Evolution Soccer 2012        KONAMI        14.11.2011        2.019MB        1.02.0000
Puzzle Quest        Infinite Interactive        17.09.2011               
Python 2.4.4        Martin v. Löwis        07.05.2011        29,4MB        2.4.4150
QAliber Agent        QAlibers        07.10.2011        0,84MB        1.0.0
QAliber Test Builder        QAlibers        07.10.2011        2,94MB        1.0.0
QAliber Test Suite 1.0        QAlibers (c)        07.10.2011        21,0MB       
QAliber VS 2008 Plugin        QAlibers        07.10.2011        2,20MB        1.0.0
QIP 2010 4444 Jeak-Edition        jeak.de        04.12.2010        19,0MB        3.0.4444
Realtek Ethernet Controller Driver For Windows 7        Realtek        04.12.2010                7.18.322.2010
Realtek HDMI Audio Driver for ATI        Realtek Semiconductor Corp.        04.12.2010                6.0.1.6034
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        04.12.2010                6.0.1.6083
Remote Control USB Driver                21.03.2011                2.3.2.317
Revenge of the Titans HIB (remove only)                14.12.2010               
ScanSnap Manager        PFU        09.07.2011                V5.1L11
ScanSnap Organizer        PFU        09.07.2011                V4.1L11
Seagate Drive Settings Installer        Seagate Technologies LLC        28.05.2011        29,2MB        1.00.0000
Shader Designer 1.5.9.4        TyphoonLabs        24.05.2011               
ShadowMapping        Matthias Grumet        26.05.2011               
Sid Meier's Civilization V        Firaxis Games        09.02.2011               
Skype™ 5.5        Skype Technologies S.A.        20.08.2011        17,0MB        5.5.113
Spyware Terminator 2012        Crawler.com        24.12.2011        19,5MB        3.0.0.50
StarCraft II        Blizzard Entertainment        08.11.2011                1.4.2.20141
SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48        eRightSoft        23.05.2011        39,5MB        v2011.build.48
TeamSpeak 3 Client        TeamSpeak Systems GmbH        05.12.2010               
The Elder Scrolls V: Skyrim        Bethesda Game Studios        02.12.2011               
Titan Quest        IronLore        18.11.2011               
Titan Quest: Immortal Throne        IronLore        18.11.2011               
TortoiseSVN 1.6.16.21511 (64 bit)        TortoiseSVN        06.10.2011        22,1MB        1.6.21511
Tunatic                12.08.2011               
Tunngle beta        Tunngle.net GmbH        28.12.2010               
Turbo Squid Tentacles 3ds Max 2009 64-bit        Turbo Squid        15.04.2011        8,38MB        3.2.0
UE3Redist        Epic Games        11.12.2010        57,2MB        1.00.0000
UltraMon        Realtime Soft Ltd        05.12.2010        5,87MB        3.0.10
Universe Sandbox                09.08.2011               
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        07.10.2011        30,6MB        9.00.5000.00
VDownloader 3.6.943        Vitzo Limited        03.11.2011        37,4MB       
Visual Studio .NET Prerequisites - English        Microsoft Corporation        07.10.2011        2,28MB        9.0.30729
Visual Studio 2005 Tools for Office Second Edition Runtime        Microsoft Corporation        07.10.2011               
Visual Studio Tools for the Office system 3.0 Runtime        Microsoft Corporation        06.10.2011               
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU        Microsoft Corporation        06.10.2011               
VLC media player 1.1.11        VideoLAN        04.12.2011                1.1.11
VMware Workstation        VMware, Inc        09.12.2010        3.333MB        7.1.3.14951
VobSub v2.23 (Remove Only)                21.12.2010               
WCF RIA Services V1.0 SP1        Microsoft Corporation        06.10.2011        12,3MB        4.1.60114.0
Web Deployment Tool        Microsoft Corporation        21.02.2011        3,10MB        1.1.0618
Web Security Guard with Crawler Toolbar        Crawler, LLC        24.12.2011               
Winamp        Nullsoft, Inc        11.12.2010                5.601
Windows Live ID Sign-in Assistant        Microsoft Corporation        09.05.2011        10,0MB        6.500.3165.0
Windows Mobile 5.0 SDK R2 for Pocket PC        Microsoft Corporation        06.10.2011        130,4MB        5.00.1700.5.14343.06
Windows Mobile 5.0 SDK R2 for Smartphone        Microsoft Corporation        06.10.2011        79,2MB        5.00.1700.5.14343.06
Windows7FirewallControl (i386) 4.0.144.38        Sphinx Software        04.12.2010                4.0.144.38
WinPcap 4.1.1        CACE Technologies        03.11.2011                4.1.0.1753
WinRAR                06.12.2010               
World of Goo        2D Boy        21.12.2010               
World of Tanks v.0.6.7        Wargaming.net        13.11.2011               
XviD MPEG4 Video Codec (remove only)                21.12.2010


kira 26.12.2011 14:19

1.
Uninstall:
Quote:

Spyware Terminator 2012 Crawler.com
this program is financed through adware!

2.
Your Java version is not up to date!
→ Now download the offline version of Java Version 6 Update 30 from Oracle
Make sure to deselect any toolbars that may be offered (remove the check mark next to the toolbar)!

3.
Clean your system with CCleaner:
  • "Cleaner" → "Analysieren" (Analyze) → click the "Start CCleaner" button
  • "Registry" → "Fehler suchen" (Scan for errors) → "Fehler beheben" (Fix errors) → "Alle beheben" (Fix all)
  • Restart your system

4.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Ihren Computer durchsuchen" (Scan your computer)
  • Tick "Kompletter Scan" (Complete Scan) and click "Weiter" (Next)
  • Afterwards all malware found is listed; tick every finding and confirm with "OK"
  • Click "Weiter" (Next), then "OK", then "Fertig stellen" (Finish)
  • To display the results: click "Präferenzen" (Preferences), then "Statistiken und Protokolle" (Statistics and Logs)
  • Press "Protokoll anzeigen" (View log), then please save this report and post it here

5.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - The AUTORUN function can also be switched off entirely. ►Instructions

6.
-> Then run a complete system check with the Eset Online Scanner (NOD32), free online scanner
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

7.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator).
  • At the top you will find a box labelled Ausgabe (Output).
    Please select Standard-Ausgabe (Standard Output)
  • Under Extra-Registrierung (Extra Registry) please select Benutze SafeList (Use SafeList).
  • Tick LOP- und Purity-Prüfung (LOP and Purity check).
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are problems still occurring, and if so, which ones?
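
Step 5 above depends on Autorun not firing when a medium is attached. As an added example (not part of the original post and not code from any tool named in it), the following Python script reads a medium's autorun.inf as plain text and lists the entries that would start a program, without executing anything. The sample contents and file names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = {"open", "shellexecute"}
# Context-menu verbs of the form shell\<verb>\command also start a program.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample contents (not taken from any real medium).
SAMPLE_LAUNCHING = """\
[AutoRun]
; constructed example
open=example_program.exe
shell\\open\\command=example_program.exe
icon=folder.ico
"""
SAMPLE_HARMLESS = """\
[autorun]
icon=disc.ico
label=Backup 2011
"""


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    The parser is deliberately tolerant: comment lines, blank lines and
    lines without '=' are skipped instead of raising an error.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(text):
    """Return the sorted (key, value) pairs that would start a program."""
    return sorted(
        (key, value)
        for key, value in parse_autorun(text).items()
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key)
    )


def read_inf(path):
    """Read the file as text; handles UTF-16 with a BOM, otherwise Latin-1."""
    data = path.read_bytes()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def scan_drive_root(root):
    """Inspect <root>/autorun.inf (any letter case).

    Returns None if the medium has no autorun.inf, otherwise the list of
    launching entries (empty if the file only sets an icon or label).
    """
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            return launch_entries(read_inf(entry))
    return None


def demo():
    """Build a constructed 'drive root' in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "AUTORUN.INF").write_text(SAMPLE_LAUNCHING, encoding="latin-1")
        return scan_drive_root(root)


if __name__ == "__main__":
    for key, value in demo():
        print(f"{key} -> {value}")
```

Pointing `scan_drive_root` at the root of an attached medium (for example `E:\`) gives the same listing for a real drive; an empty list means the file only sets cosmetic values such as icon or label.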

Anubis2019 27.12.2011 20:47

SuperAntiSpyware log
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/27/2011 at 06:38 PM

Application Version : 5.0.1142

Core Rules Database Version : 8088
Trace Rules Database Version: 5900

Scan type      : Complete Scan
Total Scan Time : 01:06:07

Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 785
Memory threats detected  : 0
Registry items scanned    : 75506
Registry threats detected : 0
File items scanned        : 153151
File threats detected    : 68

Adware.Tracking Cookie
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.ad-srv[2].txt [ /ad.ad-srv ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.zanox[1].txt [ /ad.zanox ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@adfarm1.adition[2].txt [ /adfarm1.adition ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@adviva[1].txt [ /adviva ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@content.yieldmanager[2].txt [ /content.yieldmanager ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@download1006.mediafire[2].txt [ /download1006.mediafire ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@download859.mediafire[2].txt [ /download859.mediafire ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@files.youporn[1].txt [ /files.youporn ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@media1.gamefront[2].txt [ /media1.gamefront ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@smartadserver[2].txt [ /smartadserver ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@specificclick[2].txt [ /specificclick ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@tracking.mlsat02[1].txt [ /tracking.mlsat02 ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@tracking.quisma[1].txt [ /tracking.quisma ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@traffictrack[1].txt [ /traffictrack ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@unitymedia[2].txt [ /unitymedia ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@webmasterplan[2].txt [ /webmasterplan ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@www.zanox-affiliate[1].txt [ /www.zanox-affiliate ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@yadro[1].txt [ /yadro ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@zanox-affiliate[1].txt [ /zanox-affiliate ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@zanox[2].txt [ /zanox ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\JZCLVR8W.txt [ /doubleclick.net ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\5X6UWT01.txt [ /media6degrees.com ]
        C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\BEDA73WT.txt [ /googleads.g.doubleclick.net ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TKGR6XA8.txt [ Cookie:andreas@smartadserver.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\M9AVO4NW.txt [ Cookie:andreas@ad4.adfarm1.adition.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGH22ECJ.txt [ Cookie:andreas@ad3.adfarm1.adition.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@ad.adition[2].txt [ Cookie:andreas@ad.adition.net/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\7P1ZGZZN.txt [ Cookie:andreas@doubleclick.net/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@imrworldwide[2].txt [ Cookie:andreas@imrworldwide.com/cgi-bin ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TU3HS8JU.txt [ Cookie:andreas@ad.zanox.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@counters.gigya[1].txt [ Cookie:andreas@counters.gigya.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@zanox-affiliate[2].txt [ Cookie:andreas@zanox-affiliate.de/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\46680IPU.txt [ Cookie:andreas@ad2.adfarm1.adition.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@invitemedia[2].txt [ Cookie:andreas@invitemedia.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adviva[1].txt [ Cookie:andreas@adviva.net/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@tradedoubler[2].txt [ Cookie:andreas@tradedoubler.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@traffictrack[1].txt [ Cookie:andreas@traffictrack.de/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@banners.thgimages.co[2].txt [ Cookie:andreas@banners.thgimages.co.uk/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adserver[1].txt [ Cookie:andreas@adserver.gs/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\E8TZSZ3C.txt [ Cookie:andreas@zanox.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@www.active-tracking[1].txt [ Cookie:andreas@www.active-tracking.de/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@ad.yieldmanager[2].txt [ Cookie:andreas@ad.yieldmanager.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@eas.apm.emediate[2].txt [ Cookie:andreas@eas.apm.emediate.eu/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\HX2IUTDX.txt [ Cookie:andreas@tracking.quisma.com/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@www.googleadservices[2].txt [ Cookie:andreas@www.googleadservices.com/pagead/conversion/1058160226/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adtech[2].txt [ Cookie:andreas@adtech.de/ ]
        C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@content.yieldmanager[1].txt [ Cookie:andreas@content.yieldmanager.com/ ]
        C:\USERS\ANDREAS\Cookies\JZCLVR8W.txt [ Cookie:andreas@doubleclick.net/ ]
        C:\USERS\ANDREAS\Cookies\andreas@ad.zanox[1].txt [ Cookie:andreas@ad.zanox.com/ ]
        C:\USERS\ANDREAS\Cookies\andreas@zanox-affiliate[1].txt [ Cookie:andreas@zanox-affiliate.de/ ]
        C:\USERS\ANDREAS\Cookies\andreas@content.yieldmanager[2].txt [ Cookie:andreas@content.yieldmanager.com/ ]
        C:\USERS\ANDREAS\Cookies\andreas@adviva[1].txt [ Cookie:andreas@adviva.net/ ]
        C:\USERS\ANDREAS\Cookies\andreas@traffictrack[1].txt [ Cookie:andreas@traffictrack.de/ ]
        C:\USERS\ANDREAS\Cookies\andreas@ad.yieldmanager[1].txt [ Cookie:andreas@ad.yieldmanager.com/ ]
        C:\USERS\ANDREAS\Cookies\andreas@zanox[2].txt [ Cookie:andreas@zanox.com/ ]
        C:\USERS\ANDREAS\Cookies\andreas@tracking.quisma[1].txt [ Cookie:andreas@tracking.quisma.com/ ]
        C:\USERS\ANDREAS\Cookies\andreas@download859.mediafire[2].txt [ Cookie:andreas@download859.mediafire.com/4lrt40ptni6g/udggwj1ntkm/ ]
        C:\USERS\ANDREAS\Cookies\andreas@smartadserver[2].txt [ Cookie:andreas@smartadserver.com/ ]
        C:\USERS\ANDREAS\Cookies\5X6UWT01.txt [ Cookie:andreas@media6degrees.com/ ]
        C:\USERS\ANDREAS\Cookies\andreas@tracking.mlsat02[1].txt [ Cookie:andreas@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\ANDREAS\Cookies\BEDA73WT.txt [ Cookie:andreas@googleads.g.doubleclick.net/ ]
        de.sitestat.com [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
        www.blogcounter.de [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]

otl.txt
Code:


extra.txt
Code:

        C:\USERS\ANDREAS\Cookies\andreas@smartadserver[2].txt [ Cookie:andreas@smartadserver.com/ ]
        C:\USERS\ANDREAS\Cookies\5X6UWT01.txt [ Cookie:andreas@media6degrees.com/ ]
        C:\USERS\ANDREAS\Cookies\andreas@tracking.mlsat02[1].txt [ Cookie:andreas@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\ANDREAS\Cookies\BEDA73WT.txt [ Cookie:andreas@googleads.g.doubleclick.net/ ]
        de.sitestat.com [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
        www.blogcounter.de [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]


At the moment I have no problems to report.

kira 29.12.2011 00:08

Steps 5, 6 and 7 are still missing!

Anubis2019 29.12.2011 12:15

Actually already done

5. General advice that one should scan more often, and the autorun function has been disabled
6. Online scan carried out. No findings
7. See the code posted in the previous post.

kira 29.12.2011 12:36

Regarding point 7:
I have not received one since posting #5!
A freshly created one, of course...

Anubis2019 29.12.2011 13:37

Posting #6 contains the OTL logs that were created after points 1-6 had been carried out

kira 31.12.2011 07:54

Posting #6? There I have 3x log results from SUPERAntiSpyware!

So please, once more....
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Anubis2019 01.01.2012 19:07

OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 31.12.2011 13:41:58 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,84% Memory free
7,99 Gb Paging File | 5,44 Gb Available in Paging File | 68,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,55 Gb Free Space | 6,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,78 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive E: | 7,51 Gb Total Space | 2,22 Gb Free Space | 29,52% Space Free | Partition Type: FAT32
Drive F: | 931,51 Gb Total Space | 744,63 Gb Free Space | 79,94% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 638,06 Gb Free Space | 68,50% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.29 21:05:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.10 10:43:32 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.24 14:02:50 | 005,853,056 | ---- | M] (QIP) -- C:\Program Files (x86)\jeak.de\QIP 2010\qip.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.29 21:05:24 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.13 16:57:50 | 000,071,680 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko9\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011.11.10 10:43:33 | 001,988,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2011.11.10 10:43:32 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2011.11.10 10:43:32 | 000,021,656 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2010.11.24 14:03:02 | 000,483,712 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\Social\Social.dll
MOD - [2010.11.24 14:03:02 | 000,048,000 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\pics.dll
MOD - [2010.11.24 14:03:00 | 002,367,872 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\MRA.dll
MOD - [2010.11.24 14:02:58 | 002,654,080 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\InfICQ\InfICQ.dll
MOD - [2010.11.24 14:02:56 | 000,087,424 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Core\WebWindow.dll
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com                                                ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:47:56 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.31 12:47:56 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.31 12:47:56 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.31 12:47:56 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.31 12:47:56 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.31 12:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.31 12:43:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 19:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job
[2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.27 12:19:32 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com                                                ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 17:30:42 | 000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2011.12.31 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========

< End of report >

--- --- ---

Anubis2019 01.01.2012 19:08

Extra.txt
OTL Logfile:
Code:

OTL logfile created on: 31.12.2011 13:41:58 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,84% Memory free
7,99 Gb Paging File | 5,44 Gb Available in Paging File | 68,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,55 Gb Free Space | 6,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,78 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive E: | 7,51 Gb Total Space | 2,22 Gb Free Space | 29,52% Space Free | Partition Type: FAT32
Drive F: | 931,51 Gb Total Space | 744,63 Gb Free Space | 79,94% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 638,06 Gb Free Space | 68,50% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.29 21:05:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.10 10:43:32 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.24 14:02:50 | 005,853,056 | ---- | M] (QIP) -- C:\Program Files (x86)\jeak.de\QIP 2010\qip.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.29 21:05:24 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.13 16:57:50 | 000,071,680 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko9\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011.11.10 10:43:33 | 001,988,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2011.11.10 10:43:32 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2011.11.10 10:43:32 | 000,021,656 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2010.11.24 14:03:02 | 000,483,712 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\Social\Social.dll
MOD - [2010.11.24 14:03:02 | 000,048,000 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\pics.dll
MOD - [2010.11.24 14:03:00 | 002,367,872 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\MRA.dll
MOD - [2010.11.24 14:02:58 | 002,654,080 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\InfICQ\InfICQ.dll
MOD - [2010.11.24 14:02:56 | 000,087,424 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Core\WebWindow.dll
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com                                                ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:47:56 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.31 12:47:56 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.31 12:47:56 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.31 12:47:56 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.31 12:47:56 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.31 12:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.31 12:43:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 19:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job
[2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.27 12:19:32 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com                                                ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 17:30:42 | 000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2011.12.31 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

[/Code]

kira 02.01.2012 13:09

1.
Quote:

Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and paste them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job

:Commands
[purity]
[emptytemp]


2.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

Anubis2019 02.01.2012 13:58

OTL Logfile:
Code:

OTL logfile created on: 02.01.2012 13:53:05 - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,06% Memory free
7,99 Gb Paging File | 5,99 Gb Available in Paging File | 74,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,35 Gb Free Space | 6,01% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,29 Gb Free Space | 7,06% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 637,92 Gb Free Space | 68,48% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C160(UVC)
DRV:64bit: - [2011.08.19 10:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.02 13:47:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.01 23:44:16 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Logitech® Webcam-Software
[2012.01.01 23:41:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2012.01.01 23:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.01.01 23:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2012.01.01 23:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.01.01 23:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.01.01 23:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.01.01 23:38:51 | 007,045,480 | ---- | C] (Logitech, Inc.) -- C:\Users\Andreas\Desktop\lws230.exe
[2011.12.31 19:59:17 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2011.12.31 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Video DVD Maker FREE
[2011.12.31 19:58:56 | 012,417,842 | ---- | C] (                                                            ) -- C:\Users\Andreas\Desktop\klcodec520f.exe
[2011.12.31 19:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video DVD Maker
[2011.12.31 19:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video DVD Maker
[2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com                                                ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.02 13:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.02 13:50:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.01.02 13:50:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.02 13:49:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.01.02 11:35:05 | 000,029,410 | ---- | M] () -- C:\Users\Andreas\Desktop\Blatt10.pdf
[2012.01.02 11:22:40 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.02 11:22:40 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.02 11:20:13 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.02 11:20:13 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.02 11:20:13 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.02 11:20:13 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.02 11:20:13 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.01 23:41:42 | 000,001,112 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.01.01 23:41:05 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012.01.01 23:38:55 | 007,045,480 | ---- | M] (Logitech, Inc.) -- C:\Users\Andreas\Desktop\lws230.exe
[2011.12.31 20:00:22 | 000,012,288 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.31 19:59:26 | 012,417,842 | ---- | M] (                                                            ) -- C:\Users\Andreas\Desktop\klcodec520f.exe
[2011.12.31 19:58:22 | 008,671,837 | ---- | M] () -- C:\Users\Andreas\Desktop\vdm_free.exe
[2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.27 12:19:32 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com                                                ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.02 11:35:04 | 000,029,410 | ---- | C] () -- C:\Users\Andreas\Desktop\Blatt10.pdf
[2012.01.01 23:41:42 | 000,001,112 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.01.01 23:41:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.01.01 23:41:05 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2011.12.31 19:58:15 | 008,671,837 | ---- | C] () -- C:\Users\Andreas\Desktop\vdm_free.exe
[2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 17:30:42 | 000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,012,288 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2012.01.02 13:51:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2012.01.01 23:41:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.12.31 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Video DVD Maker FREE
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


All times are GMT +1.

Copyright ©2000-2025, Trojaner-Board

