No, I have 2 iexplorer.exe and 1 explorer.exe, and the explorer.exe seems to be blocking Firefox, because everything works again when I end it, BUT when I then restart explorer.exe, 2 iexplorer.exe processes immediately start along with it that I did not open => in other words, I have no Internet Explorer open but still have the processes for it...
Here are the Malwarebytes and OTL log files:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.29.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xxxxx# :: xxxxx [Administrator]
29.05.2012 13:30:14
mbam-log-2012-05-29 (13-30-14).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 283604
Laufzeit: 6 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Agent.Gen) -> Daten: C:\Users\Thomas#\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Agent) -> Daten: C:\Users\Thomas#\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
OTL Extras logfile created on: 29.05.2012 13:30:52 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\xxxxx#\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 56,68% Memory free
6,50 Gb Paging File | 4,26 Gb Available in Paging File | 65,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 104,73 Gb Free Space | 22,49% Space Free | Partition Type: NTFS
Computer Name: FINN | User Name: Thomas# | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F43D9E-0AE6-43B2-B5BD-2DC4B439A6EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{07D06BDE-81DC-4770-AB93-7BAE143B0EF4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08759E3C-C4F9-4D70-8E51-C4B844647A6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FAA8A30-98CA-4254-99A0-FB1DD7E41DEA}" = lport=445 | protocol=6 | dir=in | app=system |
Code:
OTL logfile created on: 29.05.2012 13:30:52 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Thomas#\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 56,68% Memory free
6,50 Gb Paging File | 4,26 Gb Available in Paging File | 65,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 104,73 Gb Free Space | 22,49% Space Free | Partition Type: NTFS
Computer Name: FINN | User Name: Thomas# | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Thomas#\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\CPUCooL\CooLSRV.exe ()
PRC - C:\Programme\Rainmeter\Rainmeter.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Programme\FlashOffliner\FlashOffliner.exe (Dead'Soul)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
========== Modules (No Company Name) ==========
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Rainmeter\Plugins\RecycleManager.dll ()
MOD - C:\Programme\Rainmeter\Plugins\WebParser.dll ()
MOD - C:\Programme\Rainmeter\Rainmeter.exe ()
MOD - C:\Programme\Rainmeter\Rainmeter.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Programme\Rainmeter\Plugins\InputText.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
========== Win32 Services (SafeList) ==========
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found
SRV - (Futuremark SystemInfo Service) -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_6c825ce.dll ()
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CPUCooLServer) -- C:\Programme\CPUCooL\CooLSRV.exe ()
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
========== Driver Services (SafeList) ==========
DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found
DRV - (XDva396) -- C:\Windows\system32\XDva396.sys File not found
DRV - (XDva394) -- C:\Windows\system32\XDva394.sys File not found
DRV - (XDva393) -- C:\Windows\system32\XDva393.sys File not found
DRV - (XDva392) -- C:\Windows\system32\XDva392.sys File not found
DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found
DRV - (XDva390) -- C:\Windows\system32\XDva390.sys File not found
DRV - (XDva389) -- C:\Windows\system32\XDva389.sys File not found
DRV - (XDva388) -- C:\Windows\system32\XDva388.sys File not found
DRV - (XDva387) -- C:\Windows\system32\XDva387.sys File not found
DRV - (XDva386) -- C:\Windows\system32\XDva386.sys File not found
DRV - (XDva385) -- C:\Windows\system32\XDva385.sys File not found
DRV - (XDva383) -- C:\Windows\system32\XDva383.sys File not found
DRV - (XDva380) -- C:\Windows\system32\XDva380.sys File not found
DRV - (XDva375) -- C:\Windows\system32\XDva375.sys File not found
DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (XDva362) -- C:\Windows\system32\XDva362.sys File not found
DRV - (XDva359) -- C:\Windows\system32\XDva359.sys File not found
DRV - (XDva352) -- C:\Windows\system32\XDva352.sys File not found
DRV - (XDva351) -- C:\Windows\system32\XDva351.sys File not found
DRV - (XDva349) -- C:\Windows\system32\XDva349.sys File not found
DRV - (PxHelp20) -- System32\Drivers\PxHelp20.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (cpuz132) -- C:\Users\Thomas#\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (AODDriver4.1) -- C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys File not found
DRV - (ALSysIO) -- C:\Users\Thomas#\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MotioninJoyXFilter) -- C:\Windows\System32\drivers\MijXfilt.sys (MotioninJoy)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NVR0Dev) -- C:\Windows\nvoclock.sys (NVidia Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=HQ&apn_dtid=&apn_uid=9D6DF252-27AE-41BA-BD4D-88F3C33A7728&apn_sauid=87397645-1A63-470B-B901-E68BC72F9731
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.9.0.3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas#\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas#\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.11 14:02:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.11 14:02:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.23 16:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.23 16:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2010.04.27 18:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Extensions
[2012.04.21 19:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions
[2012.04.21 19:59:26 | 000,000,000 | ---D | M] (MovieBario Community Toolbar) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}
[2012.02.16 14:41:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.12.14 16:22:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.23 18:10:50 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012.02.13 17:26:02 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.03.18 19:39:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.07 18:46:59 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions\engine@conduit.com
[2012.03.18 19:08:24 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Thomas#\AppData\Roaming\mozilla\Firefox\Profiles\13jkl0sh.default\extensions\software@loadtubes.com
[2011.12.01 19:36:44 | 000,000,931 | ---- | M] () -- C:\Users\Thomas#\AppData\Roaming\Mozilla\Firefox\Profiles\13jkl0sh.default\searchplugins\conduit.xml
[2012.03.02 17:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.02 17:39:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.02 17:39:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.18 18:52:40 | 000,018,684 | ---- | M] () (No name found) -- C:\USERS\THOMAS#\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13JKL0SH.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.02.23 16:32:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.23 16:32:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.23 16:32:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.23 16:32:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.23 16:32:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.23 16:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.23 16:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Google-Suche = C:\Users\Thomas#\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Thomas#\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll File not found
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Thomas#\AppData\Roaming\loadtbs\toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story_DE\PrePatch.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thomas#\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent File not found
O4 - HKCU..\Run: [ffdwnd] C:\Users\Thomas#\AppData\Local\Mozilla\Firefox\firefox.exe File not found
O4 - HKCU..\Run: [Firefox helper] C:\Users\Thomas#\AppData\Local\Mozilla\Firefox\firefox.exe File not found
O4 - HKCU..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload File not found
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Thomas#\AppData\Roaming\Identities\{BA635C54-B94E-4B47-8E1E-F63525F3D226}\LicenseValidator.exe ()
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas#\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas#\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{647E6EA6-94E7-4A1F-8FB7-E6425DCD197F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{37b768d9-0ac9-11e1-baeb-406186c9e0a4}\Shell - "" = AutoRun
O33 - MountPoints2\{37b768d9-0ac9-11e1-baeb-406186c9e0a4}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{5ea7a423-0a05-11e1-b021-406186c9e0a4}\Shell - "" = AutoRun
O33 - MountPoints2\{5ea7a423-0a05-11e1-b021-406186c9e0a4}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.05.29 13:29:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.29 13:29:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\AppData\Roaming\Malwarebytes
[2012.05.29 13:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.29 13:29:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.29 13:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.29 13:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.29 13:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.05.29 13:07:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.05.28 21:09:08 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\Desktop\EPIC
[2012.05.25 12:18:01 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\AppData\Roaming\LolClient2
[2012.05.22 21:32:39 | 003,979,217 | ---- | C] (Dead'Soul (MysterCrowley.com)) -- C:\Users\Thomas#\Desktop\Tower.fop
[2012.05.18 04:58:02 | 003,147,042 | ---- | C] (Dead'Soul (MysterCrowley.com)) -- C:\Users\Thomas#\Desktop\Enter_Game_Name.fop
[2012.05.16 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\Documents\Diablo III
[2012.05.16 20:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.16 20:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
[2012.05.16 20:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.05.15 17:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\.sol Editor
[2012.05.15 17:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Sol Edit
[2012.05.15 17:24:13 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.sol Editor
[2012.05.15 17:17:57 | 007,720,024 | ---- | C] (Dead'Soul (MysterCrowley.com)) -- C:\Users\Thomas#\Desktop\Avalonx.fop
[2012.05.14 11:10:40 | 001,757,264 | ---- | C] (None) -- C:\Users\Thomas#\Desktop\VisualBoyAdvance.exe
[2012.05.13 14:46:51 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\Desktop\BATTERY
[2012.05.13 14:46:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\Desktop\SLOT
[2012.05.10 19:40:15 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.07 17:36:35 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2012.05.07 17:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.05.04 16:19:28 | 000,000,000 | ---D | C] -- C:\Users\Thomas#\AppData\Roaming\Google Inc
[2012.04.30 21:44:28 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.04.30 21:44:25 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.01.10 19:44:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Thomas#\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.05.29 13:29:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.29 13:29:17 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 13:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.29 13:10:12 | 000,002,973 | ---- | M] () -- C:\Users\Thomas#\Desktop\HiJackThis.lnk
[2012.05.29 12:49:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.29 12:44:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1504427722-964861570-2723959977-1000UA.job
[2012.05.29 12:10:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.28 21:05:02 | 000,485,395 | ---- | M] () -- C:\Users\Thomas#\Desktop\redirect.jpg
[2012.05.28 20:46:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.28 20:46:05 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1504427722-964861570-2723959977-1000Core.job
[2012.05.26 13:48:09 | 000,002,068 | ---- | M] () -- C:\Users\Thomas#\Desktop\vba.ini
[2012.05.26 13:08:14 | 000,001,536 | ---- | M] () -- C:\Users\Thomas#\Desktop\NO$GBA.INP
[2012.05.25 10:28:43 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.25 10:28:43 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 21:32:40 | 003,979,217 | ---- | M] (Dead'Soul (MysterCrowley.com)) -- C:\Users\Thomas#\Desktop\Tower.fop
[2012.05.22 20:15:51 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.21 19:05:25 | 001,835,218 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.21 19:05:25 | 000,533,488 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.21 19:05:25 | 000,334,962 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.21 19:05:25 | 000,051,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.21 18:38:10 | 000,007,598 | ---- | M] () -- C:\Users\Thomas#\AppData\Local\Resmon.ResmonCfg
[2012.05.21 18:20:34 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.21 18:20:34 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.18 04:58:04 | 003,147,042 | ---- | M] (Dead'Soul (MysterCrowley.com)) -- C:\Users\Thomas#\Desktop\Enter_Game_Name.fop
[2012.05.16 21:05:39 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.16 18:15:39 | 000,093,374 | ---- | M] () -- C:\Users\Thomas#\Desktop\695511452.jpg
[2012.05.15 17:24:14 | 000,000,958 | ---- | M] () -- C:\Users\Thomas#\Desktop\.sol Editor.lnk
[2012.05.15 17:17:59 | 007,720,024 | ---- | M] (Dead'Soul (MysterCrowley.com)) -- C:\Users\Thomas#\Desktop\Avalonx.fop
[2012.05.15 11:50:08 | 000,000,418 | ---- | M] () -- C:\Users\Thomas#\Desktop\NO$GBA.CHT
[2012.05.14 11:16:51 | 000,065,536 | ---- | M] () -- C:\Users\Thomas#\Desktop\Pokemon Feuerrot (D).sav
[2012.05.09 19:46:12 | 000,027,180 | ---- | M] () -- C:\Users\Thomas#\Desktop\532765_272545012841424_208530859242840_580112_50245295_n.jpg
[2012.05.02 13:02:44 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.04.30 21:44:28 | 000,001,356 | ---- | M] () -- C:\Users\Thomas#\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.30 20:50:06 | 000,040,078 | ---- | M] () -- C:\Users\Thomas#\Desktop\564341_365337430179830_310784825635091_967022_538699151_n.jpg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.05.29 13:29:17 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 13:07:29 | 000,002,973 | ---- | C] () -- C:\Users\Thomas#\Desktop\HiJackThis.lnk
[2012.05.28 21:04:52 | 000,485,395 | ---- | C] () -- C:\Users\Thomas#\Desktop\redirect.jpg
[2012.05.16 20:44:09 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.16 18:15:39 | 000,093,374 | ---- | C] () -- C:\Users\Thomas#\Desktop\695511452.jpg
[2012.05.15 17:24:14 | 000,000,958 | ---- | C] () -- C:\Users\Thomas#\Desktop\.sol Editor.lnk
[2012.05.15 11:50:08 | 000,000,418 | ---- | C] () -- C:\Users\Thomas#\Desktop\NO$GBA.CHT
[2012.05.14 11:12:49 | 000,065,536 | ---- | C] () -- C:\Users\Thomas#\Desktop\Pokemon Feuerrot (D).sav
[2012.05.14 11:10:48 | 000,002,068 | ---- | C] () -- C:\Users\Thomas#\Desktop\vba.ini
[2012.05.14 11:10:40 | 000,025,223 | ---- | C] () -- C:\Users\Thomas#\Desktop\NEWS
[2012.05.14 11:10:40 | 000,018,349 | ---- | C] () -- C:\Users\Thomas#\Desktop\COPYING
[2012.05.14 11:07:28 | 000,071,264 | ---- | C] () -- C:\Users\Thomas#\Desktop\Pokemon Feuerrot2.SGM
[2012.05.13 15:04:57 | 000,001,536 | ---- | C] () -- C:\Users\Thomas#\Desktop\NO$GBA.INP
[2012.05.13 14:46:41 | 000,170,646 | ---- | C] () -- C:\Users\Thomas#\Desktop\NO$GBA.EXE
[2012.05.13 14:44:43 | 016,777,216 | ---- | C] () -- C:\Users\Thomas#\Desktop\Pokemon Feuerrot (D).gba
[2012.05.10 19:39:15 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1504427722-964861570-2723959977-1000UA.job
[2012.05.10 19:39:14 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1504427722-964861570-2723959977-1000Core.job
[2012.05.09 19:46:04 | 000,027,180 | ---- | C] () -- C:\Users\Thomas#\Desktop\532765_272545012841424_208530859242840_580112_50245295_n.jpg
[2012.05.02 13:02:44 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.04.30 21:44:28 | 000,001,356 | ---- | C] () -- C:\Users\Thomas#\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.30 20:50:05 | 000,040,078 | ---- | C] () -- C:\Users\Thomas#\Desktop\564341_365337430179830_310784825635091_967022_538699151_n.jpg
[2012.03.28 11:21:04 | 000,004,608 | ---- | C] () -- C:\Users\Thomas#\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.22 19:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.15 07:40:28 | 004,826,112 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.22 14:20:35 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.02.16 18:51:23 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.02.16 18:51:22 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.01.15 14:24:17 | 000,356,352 | ---- | C] () -- C:\Windows\SpaceFighters3DUninstaller.exe
[2012.01.10 19:44:46 | 000,087,608 | ---- | C] () -- C:\Users\Thomas#\AppData\Roaming\inst.exe
[2012.01.10 19:44:46 | 000,007,887 | ---- | C] () -- C:\Users\Thomas#\AppData\Roaming\pcouffin.cat
[2012.01.10 19:44:46 | 000,001,144 | ---- | C] () -- C:\Users\Thomas#\AppData\Roaming\pcouffin.inf
[2012.01.10 19:40:22 | 000,001,044 | ---- | C] () -- C:\Users\Thomas#\AppData\Roaming\vso_ts_preview.xml
[2012.01.09 20:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011.11.12 00:07:09 | 000,000,746 | ---- | C] () -- C:\Windows\EF2.INI
[2011.11.11 10:38:30 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.11.11 10:38:30 | 000,022,328 | ---- | C] () -- C:\Users\Thomas#\AppData\Roaming\PnkBstrK.sys
[2011.11.11 10:37:59 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011.05.08 06:36:41 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.05.08 06:36:41 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.16 18:08:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.11.11 21:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.09.16 15:47:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.09.15 17:29:55 | 000,000,179 | ---- | C] () -- C:\Windows\dievölkergold.ini
[2010.07.02 21:17:59 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2010.06.22 15:14:55 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2010.06.22 15:01:40 | 000,000,327 | ---- | C] () -- C:\Windows\SIERRA.INI
========== LOP Check ==========
[2012.05.22 22:07:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\.minecraft
[2012.02.02 18:17:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Activision
[2010.09.16 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Atari
[2011.08.04 21:51:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Azureus
[2010.05.12 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.04.30 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\DVDVideoSoft
[2012.04.21 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.02 17:34:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\ImgBurn
[2010.06.18 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Leadertech
[2011.03.05 18:35:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\LolClient
[2012.05.25 12:18:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\LolClient2
[2012.02.06 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010.05.15 10:09:34 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2010.06.04 15:53:44 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.03.29 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\MotioninJoy
[2010.05.09 11:06:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\OpenOffice.org
[2010.07.13 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Petroglyph
[2012.02.03 23:01:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Publish Providers
[2011.05.08 06:36:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\PunkBuster
[2011.10.02 09:53:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\pymclevel
[2012.04.29 01:34:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Rainmeter
[2011.03.11 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Raptr
[2012.02.28 12:20:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Sony
[2012.03.07 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Sony Creative Software Inc
[2011.08.16 16:29:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\SoundSpectrum
[2012.03.15 19:12:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\TeamViewer
[2010.04.27 20:11:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\The Creative Assembly
[2012.04.29 01:34:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\TS3Client
[2012.04.29 01:34:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\ts3overlay
[2011.08.06 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Turbine
[2012.02.20 12:22:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Ubisoft
[2012.03.30 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\uTorrent
[2012.02.28 13:50:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Vso
[2012.03.28 10:40:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas#\AppData\Roaming\Win7codecs
[2010.04.28 15:39:33 | 000,000,526 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2012.02.20 15:13:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >