Trojaner-Board - Seiten und Filme im Internett werden nicht mehr richtig dargestellt----

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Seiten und Filme im Internett werden nicht mehr richtig dargestellt---- (https://www.trojaner-board.de/130797-seiten-filme-internett-mehr-richtig-dargestellt.html)

Seiten und Filme im Internett werden nicht mehr richtig dargestellt----

Hallo Leute,
Habe seit gestern das Problem, das manche Seiten im Internet nicht mehr richtig dargestellt bzw. Verkleinert dargestellt werden. Und das ich auf Lovefilm keine Filme mehr abspiehlen kann, bzw.das ich nicht mehr Video on Demand schauen kann, -da sich die Videos mit den Servern nicht mehr verbinden.
Ich habe zwar ein Sicherheitsprogramm-Norton Online , mit dem ich mein System schon Geskannt habe, aber es hat nichts entscheidendes Gefunden.
Nun habe ich mit Malwarebytes geskannt , und hatte gleich Sicherheitsbedrohungen. Hier ein Screenshot , siehe Anhang:
Kann ich die Sicherheitsbedrohungen löschen, ohne Komlikationen? Oder muss ich was besonderes beachten????:crazy::crazy::crazy:
Ich bedanke mich schon mal im Vorraus,:schrei:
Gr,
Roms75

Hier sind die Dateien als Anhang

Gr.
roms75

hab ich nicht gesagt als text, so wie es auch oben steht.

So ich hoffe , so ist es nun Recht!!!!:zunge::zunge:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Romano :: ROMANO-PC [Administrator]

Schutz: Aktiviert

09.02.2012 15:27:55
mbam-log-2012-02-09 (15-27-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 186410
Laufzeit: 5 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\Romano\Downloads\ADLSoft_UnCompressor_triple_2nd_offer_0412_s.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\PDFConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\SoftonicDownloader_fuer_cdburnerxp-pro.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\SoftonicDownloader_fuer_free-screen-capturer.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\SoftonicDownloader_fuer_freerip-mp3.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\SoftonicDownloader_fuer_inkscape.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\SoftonicDownloader_fuer_picpick.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\SoftonicDownloader_fuer_windows-media-player-plugin(1).exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\SoftonicDownloader_fuer_windows-media-player-plugin.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Romano\Downloads\VideoConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Romano :: ROMANO-PC [Administrator]

08.02.2013 13:50:34
mbam-log-2013-02-08 (13-50-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263326
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 7
C:\Users\Romano\Downloads\fat32formatter 1 0.exe (PUP.Offerware) -> Keine Aktion durchgeführt.
C:\Users\Romano\Downloads\installer_magic_dvd_copier.exe (PUP.Adbundler) -> Keine Aktion durchgeführt.
C:\Users\Romano\Downloads\installer_magic_dvd_ripper.exe (PUP.Adbundler) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Romano :: ROMANO-PC [Administrator]

08.02.2013 15:55:00
mbam-log-2013-02-08 (15-55-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263806
Laufzeit: 3 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 7
C:\Users\Romano\Downloads\fat32formatter 1 0.exe (PUP.Offerware) -> Keine Aktion durchgeführt.
C:\Users\Romano\Downloads\installer_magic_dvd_copier.exe (PUP.Adbundler) -> Keine Aktion durchgeführt.
C:\Users\Romano\Downloads\installer_magic_dvd_ripper.exe (PUP.Adbundler) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
2012/02/09 15:27:47 +0100 ROMANO-PC Romano MESSAGE Executing scheduled update: Daily
2012/02/09 15:27:48 +0100 ROMANO-PC Romano MESSAGE Starting protection
2012/02/09 15:27:48 +0100 ROMANO-PC Romano MESSAGE Database already up-to-date
2012/02/09 15:27:49 +0100 ROMANO-PC Romano MESSAGE Protection started successfully
2012/02/09 15:27:52 +0100 ROMANO-PC Romano MESSAGE Starting IP protection
2012/02/09 15:27:55 +0100 ROMANO-PC Romano MESSAGE IP Protection started successfully
2012/02/09 15:36:03 +0100 ROMANO-PC Romano MESSAGE Starting protection
2012/02/09 15:36:05 +0100 ROMANO-PC Romano MESSAGE Protection started successfully
2012/02/09 15:36:08 +0100 ROMANO-PC Romano MESSAGE Starting IP protection
2012/02/09 15:36:10 +0100 ROMANO-PC Romano MESSAGE IP Protection started successfully
2012/02/09 15:45:55 +0100 ROMANO-PC Romano IP-BLOCK 89.28.106.149 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
2012/02/09 15:47:00 +0100 ROMANO-PC Romano IP-BLOCK 89.28.38.152 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
2012/02/09 16:40:42 +0100 ROMANO-PC Romano IP-BLOCK 89.28.84.43 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)

Ach ja übrigens, ich benutze nicht den I.E: sondern den Firefox 13------

hi
finger weg von
softonic :-)
lade software ausschließlich beim hersteller.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

C:\Windows\system32\*.tsp

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

explorer.exe

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\*.dll /lockedfiles

%USERPROFILE%\*.*

%USERPROFILE%\Local Settings\Temp\*.exe

%USERPROFILE%\Local Settings\Temp\*.dll

%USERPROFILE%\Application Data\*.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Hier der Scan von OTL:
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.04.23 12:48:12 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Ad-Aware Antivirus
[2012.04.22 00:00:45 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AnvSoft
[2011.12.10 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Ashampoo
[2011.11.22 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\ASUS
[2011.12.16 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AutoScreenShotMaker
[2012.02.09 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AVG2012
[2012.04.26 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\avidemux
[2011.11.08 20:52:17 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Babylon
[2011.11.26 20:43:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\biu software
[2012.11.28 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Broad Intelligence
[2011.08.25 20:33:17 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Canneverbe Limited
[2012.07.30 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\CD Art Display
[2013.01.20 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Claro LTD
[2011.10.12 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Cocoon Software
[2011.12.10 20:13:39 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DeepBurner
[2011.12.16 02:23:20 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DonationCoder
[2012.11.23 00:20:48 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Dr. DivX 2.0 OSS
[2012.08.22 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DVDVideoSoft
[2012.03.06 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\EPSON
[2011.09.09 23:07:28 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\eSobi
[2011.10.12 23:47:15 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FileCommander
[2012.04.22 00:26:14 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Free Audio Editor
[2011.12.10 21:03:39 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreeBurner
[2012.02.14 16:52:50 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreePDF
[2012.11.22 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreeVideoConverter
[2012.02.18 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\GetRightToGo
[2012.04.02 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\gtk-2.0
[2012.03.13 14:42:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\inkscape
[2011.09.26 18:53:19 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Leadertech
[2011.11.04 13:52:16 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\LibreOffice
[2012.02.25 16:51:36 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Lingo4u
[2011.12.11 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\NCH Swift Sound
[2011.09.12 13:30:02 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Nullsoft
[2011.12.15 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\OCS
[2011.08.25 10:43:28 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\OpenOffice.org
[2012.02.08 18:14:43 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Opera
[2012.02.09 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Panda Security
[2011.12.08 19:19:53 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\PhotoFiltre
[2011.12.16 02:32:04 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\picpick
[2012.06.17 13:44:01 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Q-Dir
[2012.07.17 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Scribus
[2011.12.16 02:17:37 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\SimpleScreenshot
[2011.08.27 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Skinux
[2011.09.20 11:35:52 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Softland
[2011.08.24 23:45:22 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Thunderbird
[2011.11.12 13:58:34 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Tific
[2012.11.28 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\WinFF
[2012.11.22 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Xilisoft
[2012.04.21 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\XMedia Recode

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98353363

< End of report >

und warum nur halbe Logs?

Wie halbe Logs?
Ich habe mit der Software einen Quik Skan gemacht,-wie beschrieben--

hi und wenn du die txt's noch mal öffnest, siehst du, dass keine von den beiden mit
"ThreadingModel" = Free
beginnt, da fehlt einiges :-)

Hier ist der vollständige Scan:OTL Logfile:

Code:

OTL logfile created on: 08.02.2013 18:45:21 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Romano\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,99 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,95% Memory free

7,98 Gb Paging File | 6,13 Gb Available in Paging File | 76,85% Paging File free

Paging file location(s): b:\pagefile.sys 4087 4087c:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 358,91 Gb Total Space | 285,54 Gb Free Space | 79,56% Space Free | Partition Type: NTFS

Drive D: | 398,72 Gb Total Space | 270,25 Gb Free Space | 67,78% Space Free | Partition Type: NTFS

Drive E: | 100,00 Mb Total Space | 70,25 Mb Free Space | 70,25% Space Free | Partition Type: NTFS

Drive F: | 15,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: ROMANO-PC | User Name: Romano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Romano\Downloads\OTL(1).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe ()

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.1.0.24\wincfi39.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()

MOD - C:\Windows\SysWOW64\APOMngr.DLL ()

MOD - C:\Windows\SysWOW64\OemSpiE.dll ()

MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)

SRV - (SumatraPDFUpdater) -- C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe ()

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys (Symantec Corporation)

DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys (Symantec Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)

DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (dvdfab) -- C:\Windows\SysNative\drivers\dvdfab.sys (Fengtao Software Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (Sunbelt Software, Inc.)

DRV:64bit: - (SbTis) -- C:\Windows\SysNative\drivers\sbtis.sys (Sunbelt Software, Inc.)

DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (Sunbelt Software, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121225.003\ex64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilDrv11220) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121225.003\eng64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20120811.001\IDSVia64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys (Symantec Corporation)

DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x64\sandra.sys (SiSoftware)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (Asushwio) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=118660&tt=0313_4&babsrc=HP_ss&mntrId=60cf961f000000000000d02788140cf1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 1F 5F ED 43 F4 CD 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=118660&tt=0313_4&babsrc=SP_ss&mntrId=60cf961f000000000000d02788140cf1

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: nosquint@urandom.ca:2.1.6

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3

FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.1.1

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120328-0404: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.02.08 13:20:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.02.08 13:20:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Users\Romano\AppData\Local\AddLyrics\FF\

 

[2012.08.01 16:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Extensions

[2011.08.24 23:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2013.01.20 20:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions

[2012.12.27 15:45:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.09.25 21:47:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions\ich@maltegoetz.de

[2013.01.20 20:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\9hro88k3.default\extensions

[2012.08.01 16:33:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\9hro88k3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.09.23 11:55:21 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\nosquint@urandom.ca.xpi

[2013.02.01 13:32:27 | 000,111,083 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

[2013.02.01 12:36:46 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.20 20:31:46 | 000,001,300 | ---- | M] () -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\searchplugins\claro.xml

[2013.01.08 15:16:42 | 000,003,224 | ---- | M] () -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\searchplugins\webde-suche.xml

[2012.09.23 11:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.23 11:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com

[2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.01.20 20:31:35 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: 

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SumatraPDF) - {EA58BBDF-F45C-4F28-8E52-CD5AA70D2C1E} - C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDF.dll (Krzysztof Kowalczyk)

O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found

O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6ACFEF-17AC-4A13-9AA4-742E3430E787}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk /p \??\L:)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.08 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.02.08 13:49:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.02.08 13:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.02.08 13:48:38 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Local\Programs

[2013.02.08 13:30:33 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2013.02.08 13:18:45 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2013.02.08 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2013.02.08 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2013.02.08 13:17:50 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys

[2013.02.08 13:17:50 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM.sys

[2013.02.08 13:17:49 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys

[2013.02.08 13:17:49 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys

[2013.02.08 13:17:49 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys

[2013.02.08 13:17:48 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys

[2013.02.08 13:17:48 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys

[2013.02.08 13:17:48 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys

[2013.02.08 13:17:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64

[2013.02.08 13:17:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1401000.018

[2013.02.08 13:17:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2013.02.08 13:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360

[2013.02.04 20:14:52 | 000,000,000 | ---D | C] -- C:\Users\Romano\Documents\Scanned Documents

[2013.02.04 20:14:52 | 000,000,000 | ---D | C] -- C:\Users\Romano\Documents\Fax

[2013.01.26 20:55:05 | 000,000,000 | -H-D | C] -- C:\Users\Romano\Documents\Freemake_do_not_remove_this_folder634948305053694030

[2013.01.22 12:44:07 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Local\NPE

[2013.01.20 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fat32Formatter1.1EN

[2013.01.20 20:31:46 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Roaming\Claro LTD

[2013.01.20 20:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2013.01.18 17:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2013.01.17 19:05:22 | 000,000,000 | -H-D | C] -- C:\Users\Romano\Documents\Freemake_do_not_remove_this_folder634940463221574373

[2013.01.14 19:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2013.01.14 16:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012.10.27 07:17:30 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.08 18:42:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.08 14:52:09 | 000,037,619 | ---- | M] () -- C:\Windows\Q-Dir.ini

[2013.02.08 13:49:18 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.08 13:30:22 | 001,996,111 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB

[2013.02.08 13:24:57 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.08 13:24:57 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.08 13:18:45 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2013.02.08 13:18:45 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2013.02.08 13:18:45 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2013.02.08 13:17:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.08 13:17:20 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2013.02.08 13:17:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.08 13:17:00 | 3214,745,600 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.03 21:00:07 | 000,009,622 | ---- | M] () -- C:\Users\Romano\Documents\Ihre Unterstützungsbekundung ist eingegangen! - Online-Sammelsystem.pdf

[2013.02.03 20:33:17 | 000,007,597 | ---- | M] () -- C:\Users\Romano\AppData\Local\resmon.resmoncfg

[2013.01.30 16:52:48 | 000,051,212 | ---- | M] () -- C:\Users\Romano\Documents\proprietär – Wikipedia.pdf

[2013.01.30 10:26:29 | 000,014,253 | ---- | M] () -- C:\Users\Romano\Documents\JOBBÖRSE - Stellenangebot.pdf

[2013.01.22 14:27:00 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.01.22 14:27:00 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.01.22 14:27:00 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.01.22 14:27:00 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.01.22 14:27:00 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.01.22 11:58:07 | 000,001,619 | ---- | M] () -- C:\Users\Romano\Desktop\DivX Movies.lnk

[2013.01.18 13:08:59 | 000,501,612 | ---- | M] () -- C:\Users\Romano\Documents\Kauf erfolgreich.pdf

[2013.01.17 22:13:11 | 000,651,237 | ---- | M] () -- C:\Users\Romano\Documents\Beim Kopieren wird mir immer der Dateizugriff verweigert.pdf

[2013.01.17 17:10:44 | 000,000,680 | RHS- | M] () -- C:\Users\Romano\ntuser.pol

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.02.08 13:49:18 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.08 13:30:01 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2013.02.08 13:18:49 | 001,996,111 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB

[2013.02.08 13:18:46 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2013.02.08 13:18:46 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2013.02.08 13:17:30 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM64.cat

[2013.02.08 13:17:30 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymVTcer.dat

[2013.02.08 13:17:30 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.cat

[2013.02.08 13:17:30 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.cat

[2013.02.08 13:17:30 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.cat

[2013.02.08 13:17:30 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnet64.cat

[2013.02.08 13:17:30 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.cat

[2013.02.08 13:17:30 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.cat

[2013.02.08 13:17:30 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\iron.cat

[2013.02.08 13:17:30 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA.inf

[2013.02.08 13:17:30 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS.inf

[2013.02.08 13:17:30 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymNet.inf

[2013.02.08 13:17:30 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.inf

[2013.02.08 13:17:30 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.inf

[2013.02.08 13:17:30 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symELAM.inf

[2013.02.08 13:17:30 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.inf

[2013.02.08 13:17:30 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Iron.inf

[2013.02.08 13:17:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\isolate.ini

[2013.02.03 21:00:06 | 000,009,622 | ---- | C] () -- C:\Users\Romano\Documents\Ihre Unterstützungsbekundung ist eingegangen! - Online-Sammelsystem.pdf

[2013.01.30 16:52:46 | 000,051,212 | ---- | C] () -- C:\Users\Romano\Documents\proprietär – Wikipedia.pdf

[2013.01.18 13:08:57 | 000,501,612 | ---- | C] () -- C:\Users\Romano\Documents\Kauf erfolgreich.pdf

[2013.01.17 22:13:05 | 000,651,237 | ---- | C] () -- C:\Users\Romano\Documents\Beim Kopieren wird mir immer der Dateizugriff verweigert.pdf

[2013.01.17 17:10:44 | 000,000,680 | RHS- | C] () -- C:\Users\Romano\ntuser.pol

[2012.12.28 23:28:29 | 000,001,483 | ---- | C] () -- C:\Users\Romano\AppData\Local\recently-used.xbel

[2012.12.28 21:07:49 | 000,000,022 | ---- | C] () -- C:\Users\Romano\AppData\Local\kodakpcd.ini

[2012.12.27 09:16:20 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.22 20:54:37 | 000,004,923 | ---- | C] () -- C:\ProgramData\drctchbl.xvi

[2012.11.22 20:53:29 | 000,004,948 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

[2012.10.27 12:13:11 | 000,000,047 | ---- | C] () -- C:\Windows\wininit.ini

[2012.10.01 06:17:22 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe

[2012.09.29 23:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini

[2012.09.25 06:30:54 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll

[2012.09.25 06:30:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012.09.25 06:29:20 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2012.09.25 06:29:00 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll

[2012.09.25 06:29:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll

[2012.09.25 06:29:00 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2012.09.25 06:28:58 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2012.09.25 06:28:58 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll

[2012.09.25 06:28:58 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll

[2012.07.19 19:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll

[2012.07.19 19:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

[2012.07.19 19:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll

[2012.07.19 19:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll

[2012.07.19 19:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll

[2012.07.19 19:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

[2012.07.19 19:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll

[2012.06.17 22:15:04 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\spdif_test.exe

[2012.06.17 22:14:58 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe

[2012.06.17 22:14:42 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll

[2012.06.02 22:12:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2012.05.27 22:12:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\machinist2.dll

[2012.05.25 14:06:38 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2012.05.12 23:42:16 | 001,272,320 | ---- | C] () -- C:\Windows\SysWow64\avcodec-53.dll

[2012.05.12 23:42:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\avutil-51.dll

[2012.04.23 01:20:57 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\ASILOCK.DLL

[2012.04.22 21:29:29 | 000,000,393 | ---- | C] () -- C:\Users\Romano\AppData\Local\HamsterVideoConverterSettings.cfg

[2012.03.06 16:49:11 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI

[2012.03.06 15:55:09 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2012.03.06 15:55:09 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2012.03.06 15:55:09 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2012.03.06 15:55:09 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2012.03.06 15:55:09 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2012.03.06 15:55:09 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2012.03.06 15:55:09 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2012.03.06 15:55:09 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2012.03.06 15:55:09 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2012.03.06 15:55:09 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2012.03.06 15:55:09 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2012.03.06 15:55:09 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2012.03.06 15:55:09 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2012.03.06 15:55:09 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2012.03.06 15:55:09 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2012.03.06 15:55:09 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2012.03.06 15:55:09 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2012.03.06 15:55:09 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2012.03.06 15:55:09 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2012.03.06 15:03:15 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC66SeriesEuro.ini

[2012.03.01 16:57:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2012.03.01 16:52:40 | 002,117,678 | ---- | C] () -- C:\Program Files (x86)\7_Fade.scr

[2012.03.01 16:46:07 | 000,033,443 | ---- | C] () -- C:\Windows\fire-un.exe

[2012.02.09 17:36:36 | 000,000,000 | ---- | C] () -- C:\Windows\PestPatrol5.INI

[2012.02.08 21:53:57 | 011,329,536 | ---- | C] () -- C:\Users\Romano\AppData\Roaming\Sandra.mdb

[2012.02.02 19:48:29 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini

[2011.12.16 02:23:20 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2011.12.16 02:23:20 | 000,000,058 | ---- | C] () -- C:\Users\Romano\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2011.12.15 16:22:33 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2011.12.11 02:29:34 | 000,000,659 | ---- | C] () -- C:\Windows\cdplayer.ini

[2011.12.11 02:29:16 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini

[2011.12.11 00:43:17 | 000,000,206 | ---- | C] () -- C:\Users\Romano\AppData\Roaming\burnaware.ini

[2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll

[2011.11.22 17:41:06 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI

[2011.11.22 16:34:39 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011.11.22 16:34:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011.11.22 16:34:38 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini

[2011.11.22 16:34:38 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini

[2011.11.22 16:34:38 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini

[2011.11.22 16:34:38 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini

[2011.11.22 16:34:38 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini

[2011.11.22 16:34:38 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini

[2011.11.22 16:34:38 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini

[2011.11.22 16:34:38 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini

[2011.11.22 16:34:38 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini

[2011.11.22 16:34:37 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll

[2011.11.22 16:34:37 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini

[2011.11.22 16:34:37 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini

[2011.11.22 14:55:09 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe

[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.11.08 17:53:53 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini

[2011.11.08 17:53:53 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg

[2011.11.08 17:53:53 | 000,000,103 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi

[2011.11.06 02:20:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

[2011.11.01 00:00:10 | 000,037,619 | ---- | C] () -- C:\Windows\Q-Dir.ini

[2011.10.31 16:41:24 | 000,007,680 | ---- | C] () -- C:\Users\Romano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.24 19:08:06 | 000,007,597 | ---- | C] () -- C:\Users\Romano\AppData\Local\resmon.resmoncfg

[2011.09.27 14:45:40 | 000,825,072 | ---- | C] () -- C:\Users\Romano\AppData\Local\census.cache

[2011.09.27 14:45:31 | 000,107,898 | ---- | C] () -- C:\Users\Romano\AppData\Local\ars.cache

[2011.09.27 14:35:56 | 000,000,036 | ---- | C] () -- C:\Users\Romano\AppData\Local\housecall.guid.cache

[2011.09.22 15:53:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.09.08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll

[2011.09.08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll

[2011.09.08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll

[2011.09.08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll

[2011.09.08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe

[2011.09.08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll

[2011.09.08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe

[2011.09.08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe

[2011.09.08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll

[2011.09.08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll

[2011.08.26 23:11:07 | 000,000,000 | ---- | C] () -- C:\Windows\Alienware Screensaver - Vista.ini

[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll

[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll

[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll

[2011.02.11 11:26:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.04.23 12:48:12 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Ad-Aware Antivirus

[2012.04.22 00:00:45 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AnvSoft

[2011.12.10 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Ashampoo

[2011.11.22 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\ASUS

[2011.12.16 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AutoScreenShotMaker

[2012.02.09 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AVG2012

[2012.04.26 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\avidemux

[2011.11.08 20:52:17 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Babylon

[2011.11.26 20:43:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\biu software

[2012.11.28 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Broad Intelligence

[2011.08.25 20:33:17 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Canneverbe Limited

[2012.07.30 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\CD Art Display

[2013.01.20 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Claro LTD

[2011.10.12 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Cocoon Software

[2011.12.10 20:13:39 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DeepBurner

[2011.12.16 02:23:20 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DonationCoder

[2012.11.23 00:20:48 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Dr. DivX 2.0 OSS

[2012.08.22 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DVDVideoSoft

[2012.03.06 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\EPSON

[2011.09.09 23:07:28 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\eSobi

[2011.10.12 23:47:15 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FileCommander

[2012.04.22 00:26:14 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Free Audio Editor

[2011.12.10 21:03:39 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreeBurner

[2012.02.14 16:52:50 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreePDF

[2012.11.22 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreeVideoConverter

[2012.02.18 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\GetRightToGo

[2012.04.02 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\gtk-2.0

[2012.03.13 14:42:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\inkscape

[2011.09.26 18:53:19 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Leadertech

[2011.11.04 13:52:16 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\LibreOffice

[2012.02.25 16:51:36 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Lingo4u

[2011.12.11 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\NCH Swift Sound

[2011.09.12 13:30:02 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Nullsoft

[2011.12.15 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\OCS

[2011.08.25 10:43:28 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\OpenOffice.org

[2012.02.08 18:14:43 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Opera

[2012.02.09 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Panda Security

[2011.12.08 19:19:53 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\PhotoFiltre

[2011.12.16 02:32:04 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\picpick

[2012.06.17 13:44:01 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Q-Dir

[2012.07.17 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Scribus

[2011.12.16 02:17:37 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\SimpleScreenshot

[2011.08.27 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Skinux

[2011.09.20 11:35:52 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Softland

[2011.08.24 23:45:22 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Thunderbird

[2011.11.12 13:58:34 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Tific

[2012.11.28 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\WinFF

[2012.11.22 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Xilisoft

[2012.04.21 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\XMedia Recode

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98353363
 

< End of report >

--- --- ---

und wiso hast du nicht so gescant wie beschrieben, bitte noch mal lesen.

Ich habe nun alles eingestellt wie beschrieben,-trotzdem fängt der Text nicht mit "ThreadingModel" = Free an
Meinst du vieleicht ein Vollscan?OTL Logfile:

Code:

OTL logfile created on: 08.02.2013 19:23:31 - Run 5

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Romano\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,96% Memory free

7,98 Gb Paging File | 6,45 Gb Available in Paging File | 80,78% Paging File free

Paging file location(s): b:\pagefile.sys 4087 4087c:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 358,91 Gb Total Space | 285,54 Gb Free Space | 79,56% Space Free | Partition Type: NTFS

Drive D: | 398,72 Gb Total Space | 270,25 Gb Free Space | 67,78% Space Free | Partition Type: NTFS

Drive E: | 100,00 Mb Total Space | 70,25 Mb Free Space | 70,25% Space Free | Partition Type: NTFS

Drive F: | 15,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: ROMANO-PC | User Name: Romano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.02.08 18:00:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Romano\Downloads\OTL(1).exe

PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.08.18 18:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe

PRC - [2012.05.10 15:30:40 | 000,018,432 | ---- | M] () -- C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe

PRC - [2011.08.19 08:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.1.0.24\wincfi39.dll

MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009.03.17 11:39:46 | 000,148,992 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll

MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.08.18 18:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe -- (N360)

SRV - [2012.05.10 15:30:40 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe -- (SumatraPDFUpdater)

SRV - [2011.08.19 08:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2010.11.20 03:21:38 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.02.04 00:38:36 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2013.02.08 13:18:45 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012.08.10 18:26:44 | 000,776,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012.08.07 22:18:20 | 001,132,192 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2012.08.06 18:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys -- (ccSet_N360)

DRV:64bit: - [2012.07.27 20:25:32 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys -- (SymDS)

DRV:64bit: - [2012.07.27 20:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys -- (SymIRON)

DRV:64bit: - [2012.07.22 18:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys -- (SymNetS)

DRV:64bit: - [2012.05.24 22:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2011.12.16 00:00:09 | 000,132,704 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)

DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011.08.15 14:51:40 | 000,079,232 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)

DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.07.06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2011.04.05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)

DRV:64bit: - [2011.04.05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)

DRV:64bit: - [2011.04.05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)

DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.05.14 23:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2010.05.14 23:00:52 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2010.05.14 23:00:28 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)

DRV:64bit: - [2010.03.04 20:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009.08.23 17:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.04 03:22:40 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)

DRV - [2012.12.25 01:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121225.003\ex64.sys -- (NAVEX15)

DRV - [2012.12.25 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012.12.25 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)

DRV - [2012.12.25 01:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121225.003\eng64.sys -- (NAVENG)

DRV - [2012.08.10 18:34:04 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20120811.001\IDSVia64.sys -- (IDSVia64)

DRV - [2012.08.10 18:28:34 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x64\sandra.sys -- (SANDRA)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2000.03.29 15:17:42 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS -- (Asushwio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=118660&tt=0313_4&babsrc=HP_ss&mntrId=60cf961f000000000000d02788140cf1

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 1F 5F ED 43 F4 CD 01  [binary data]

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=118660&tt=0313_4&babsrc=SP_ss&mntrId=60cf961f000000000000d02788140cf1

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: nosquint@urandom.ca:2.1.6

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3

FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.1.1

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120328-0404: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.02.08 13:20:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.02.08 13:20:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Users\Romano\AppData\Local\AddLyrics\FF\

 

[2012.08.01 16:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Extensions

[2011.08.24 23:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2013.01.20 20:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions

[2012.12.27 15:45:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.09.25 21:47:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions\ich@maltegoetz.de

[2013.01.20 20:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\9hro88k3.default\extensions

[2012.08.01 16:33:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\9hro88k3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.09.23 11:55:21 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\nosquint@urandom.ca.xpi

[2013.02.01 13:32:27 | 000,111,083 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

[2013.02.01 12:36:46 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.20 20:31:46 | 000,001,300 | ---- | M] () -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\searchplugins\claro.xml

[2013.01.08 15:16:42 | 000,003,224 | ---- | M] () -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\searchplugins\webde-suche.xml

[2012.09.23 11:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.23 11:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com

[2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.01.20 20:31:35 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: 

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SumatraPDF) - {EA58BBDF-F45C-4F28-8E52-CD5AA70D2C1E} - C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDF.dll (Krzysztof Kowalczyk)

O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found

O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6ACFEF-17AC-4A13-9AA4-742E3430E787}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk /p \??\L:)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.08 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.02.08 13:49:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.02.08 13:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.02.08 13:48:38 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Local\Programs

[2013.02.08 13:30:33 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2013.02.08 13:18:45 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2013.02.08 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2013.02.08 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2013.02.08 13:17:50 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys

[2013.02.08 13:17:50 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM.sys

[2013.02.08 13:17:49 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys

[2013.02.08 13:17:49 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys

[2013.02.08 13:17:49 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys

[2013.02.08 13:17:48 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys

[2013.02.08 13:17:48 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys

[2013.02.08 13:17:48 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys

[2013.02.08 13:17:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64

[2013.02.08 13:17:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1401000.018

[2013.02.08 13:17:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2013.02.08 13:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360

[2013.02.04 20:14:52 | 000,000,000 | ---D | C] -- C:\Users\Romano\Documents\Scanned Documents

[2013.02.04 20:14:52 | 000,000,000 | ---D | C] -- C:\Users\Romano\Documents\Fax

[2013.01.26 20:55:05 | 000,000,000 | -H-D | C] -- C:\Users\Romano\Documents\Freemake_do_not_remove_this_folder634948305053694030

[2013.01.22 12:44:07 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Local\NPE

[2013.01.20 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fat32Formatter1.1EN

[2013.01.20 20:31:46 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Roaming\Claro LTD

[2013.01.20 20:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2013.01.18 17:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2013.01.17 19:05:22 | 000,000,000 | -H-D | C] -- C:\Users\Romano\Documents\Freemake_do_not_remove_this_folder634940463221574373

[2013.01.14 19:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2013.01.14 16:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012.10.27 07:17:30 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.08 18:42:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.08 14:52:09 | 000,037,619 | ---- | M] () -- C:\Windows\Q-Dir.ini

[2013.02.08 13:49:18 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.08 13:30:22 | 001,996,111 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB

[2013.02.08 13:24:57 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.08 13:24:57 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.08 13:18:45 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2013.02.08 13:18:45 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2013.02.08 13:18:45 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2013.02.08 13:17:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.08 13:17:20 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2013.02.08 13:17:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.08 13:17:00 | 3214,745,600 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.03 21:00:07 | 000,009,622 | ---- | M] () -- C:\Users\Romano\Documents\Ihre Unterstützungsbekundung ist eingegangen! - Online-Sammelsystem.pdf

[2013.02.03 20:33:17 | 000,007,597 | ---- | M] () -- C:\Users\Romano\AppData\Local\resmon.resmoncfg

[2013.01.30 16:52:48 | 000,051,212 | ---- | M] () -- C:\Users\Romano\Documents\proprietär – Wikipedia.pdf

[2013.01.30 10:26:29 | 000,014,253 | ---- | M] () -- C:\Users\Romano\Documents\JOBBÖRSE - Stellenangebot.pdf

[2013.01.22 14:27:00 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.01.22 14:27:00 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.01.22 14:27:00 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.01.22 14:27:00 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.01.22 14:27:00 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.01.22 11:58:07 | 000,001,619 | ---- | M] () -- C:\Users\Romano\Desktop\DivX Movies.lnk

[2013.01.18 13:08:59 | 000,501,612 | ---- | M] () -- C:\Users\Romano\Documents\Kauf erfolgreich.pdf

[2013.01.17 22:13:11 | 000,651,237 | ---- | M] () -- C:\Users\Romano\Documents\Beim Kopieren wird mir immer der Dateizugriff verweigert.pdf

[2013.01.17 17:10:44 | 000,000,680 | RHS- | M] () -- C:\Users\Romano\ntuser.pol

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.02.08 13:49:18 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.08 13:30:01 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2013.02.08 13:18:49 | 001,996,111 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB

[2013.02.08 13:18:46 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2013.02.08 13:18:46 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2013.02.08 13:17:30 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM64.cat

[2013.02.08 13:17:30 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymVTcer.dat

[2013.02.08 13:17:30 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.cat

[2013.02.08 13:17:30 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.cat

[2013.02.08 13:17:30 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.cat

[2013.02.08 13:17:30 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnet64.cat

[2013.02.08 13:17:30 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.cat

[2013.02.08 13:17:30 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.cat

[2013.02.08 13:17:30 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\iron.cat

[2013.02.08 13:17:30 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA.inf

[2013.02.08 13:17:30 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS.inf

[2013.02.08 13:17:30 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymNet.inf

[2013.02.08 13:17:30 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.inf

[2013.02.08 13:17:30 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.inf

[2013.02.08 13:17:30 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symELAM.inf

[2013.02.08 13:17:30 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.inf

[2013.02.08 13:17:30 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Iron.inf

[2013.02.08 13:17:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\isolate.ini

[2013.02.03 21:00:06 | 000,009,622 | ---- | C] () -- C:\Users\Romano\Documents\Ihre Unterstützungsbekundung ist eingegangen! - Online-Sammelsystem.pdf

[2013.01.30 16:52:46 | 000,051,212 | ---- | C] () -- C:\Users\Romano\Documents\proprietär – Wikipedia.pdf

[2013.01.18 13:08:57 | 000,501,612 | ---- | C] () -- C:\Users\Romano\Documents\Kauf erfolgreich.pdf

[2013.01.17 22:13:05 | 000,651,237 | ---- | C] () -- C:\Users\Romano\Documents\Beim Kopieren wird mir immer der Dateizugriff verweigert.pdf

[2013.01.17 17:10:44 | 000,000,680 | RHS- | C] () -- C:\Users\Romano\ntuser.pol

[2012.12.28 23:28:29 | 000,001,483 | ---- | C] () -- C:\Users\Romano\AppData\Local\recently-used.xbel

[2012.12.28 21:07:49 | 000,000,022 | ---- | C] () -- C:\Users\Romano\AppData\Local\kodakpcd.ini

[2012.12.27 09:16:20 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.22 20:54:37 | 000,004,923 | ---- | C] () -- C:\ProgramData\drctchbl.xvi

[2012.11.22 20:53:29 | 000,004,948 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

[2012.10.27 12:13:11 | 000,000,047 | ---- | C] () -- C:\Windows\wininit.ini

[2012.10.01 06:17:22 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe

[2012.09.29 23:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini

[2012.09.25 06:30:54 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll

[2012.09.25 06:30:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012.09.25 06:29:20 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2012.09.25 06:29:00 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll

[2012.09.25 06:29:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll

[2012.09.25 06:29:00 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2012.09.25 06:28:58 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2012.09.25 06:28:58 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll

[2012.09.25 06:28:58 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll

[2012.07.19 19:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll

[2012.07.19 19:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

[2012.07.19 19:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll

[2012.07.19 19:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll

[2012.07.19 19:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll

[2012.07.19 19:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

[2012.07.19 19:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll

[2012.06.17 22:15:04 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\spdif_test.exe

[2012.06.17 22:14:58 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe

[2012.06.17 22:14:42 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll

[2012.06.02 22:12:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2012.05.27 22:12:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\machinist2.dll

[2012.05.25 14:06:38 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2012.05.12 23:42:16 | 001,272,320 | ---- | C] () -- C:\Windows\SysWow64\avcodec-53.dll

[2012.05.12 23:42:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\avutil-51.dll

[2012.04.23 01:20:57 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\ASILOCK.DLL

[2012.04.22 21:29:29 | 000,000,393 | ---- | C] () -- C:\Users\Romano\AppData\Local\HamsterVideoConverterSettings.cfg

[2012.03.06 16:49:11 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI

[2012.03.06 15:55:09 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2012.03.06 15:55:09 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2012.03.06 15:55:09 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2012.03.06 15:55:09 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2012.03.06 15:55:09 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2012.03.06 15:55:09 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2012.03.06 15:55:09 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2012.03.06 15:55:09 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2012.03.06 15:55:09 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2012.03.06 15:55:09 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2012.03.06 15:55:09 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2012.03.06 15:55:09 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2012.03.06 15:55:09 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2012.03.06 15:55:09 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2012.03.06 15:55:09 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2012.03.06 15:55:09 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2012.03.06 15:55:09 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2012.03.06 15:55:09 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2012.03.06 15:55:09 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2012.03.06 15:03:15 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC66SeriesEuro.ini

[2012.03.01 16:57:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2012.03.01 16:52:40 | 002,117,678 | ---- | C] () -- C:\Program Files (x86)\7_Fade.scr

[2012.03.01 16:46:07 | 000,033,443 | ---- | C] () -- C:\Windows\fire-un.exe

[2012.02.09 17:36:36 | 000,000,000 | ---- | C] () -- C:\Windows\PestPatrol5.INI

[2012.02.08 21:53:57 | 011,329,536 | ---- | C] () -- C:\Users\Romano\AppData\Roaming\Sandra.mdb

[2012.02.02 19:48:29 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini

[2011.12.16 02:23:20 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2011.12.16 02:23:20 | 000,000,058 | ---- | C] () -- C:\Users\Romano\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2011.12.15 16:22:33 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2011.12.11 02:29:34 | 000,000,659 | ---- | C] () -- C:\Windows\cdplayer.ini

[2011.12.11 02:29:16 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini

[2011.12.11 00:43:17 | 000,000,206 | ---- | C] () -- C:\Users\Romano\AppData\Roaming\burnaware.ini

[2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll

[2011.11.22 17:41:06 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI

[2011.11.22 16:34:39 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011.11.22 16:34:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011.11.22 16:34:38 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini

[2011.11.22 16:34:38 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini

[2011.11.22 16:34:38 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini

[2011.11.22 16:34:38 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini

[2011.11.22 16:34:38 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini

[2011.11.22 16:34:38 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini

[2011.11.22 16:34:38 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini

[2011.11.22 16:34:38 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini

[2011.11.22 16:34:38 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini

[2011.11.22 16:34:37 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll

[2011.11.22 16:34:37 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini

[2011.11.22 16:34:37 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini

[2011.11.22 14:55:09 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe

[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.11.08 17:53:53 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini

[2011.11.08 17:53:53 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg

[2011.11.08 17:53:53 | 000,000,103 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi

[2011.11.06 02:20:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

[2011.11.01 00:00:10 | 000,037,619 | ---- | C] () -- C:\Windows\Q-Dir.ini

[2011.10.31 16:41:24 | 000,007,680 | ---- | C] () -- C:\Users\Romano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.24 19:08:06 | 000,007,597 | ---- | C] () -- C:\Users\Romano\AppData\Local\resmon.resmoncfg

[2011.09.27 14:45:40 | 000,825,072 | ---- | C] () -- C:\Users\Romano\AppData\Local\census.cache

[2011.09.27 14:45:31 | 000,107,898 | ---- | C] () -- C:\Users\Romano\AppData\Local\ars.cache

[2011.09.27 14:35:56 | 000,000,036 | ---- | C] () -- C:\Users\Romano\AppData\Local\housecall.guid.cache

[2011.09.22 15:53:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.09.08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll

[2011.09.08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll

[2011.09.08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll

[2011.09.08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll

[2011.09.08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe

[2011.09.08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll

[2011.09.08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe

[2011.09.08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe

[2011.09.08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll

[2011.09.08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll

[2011.08.26 23:11:07 | 000,000,000 | ---- | C] () -- C:\Windows\Alienware Screensaver - Vista.ini

[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll

[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll

[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll

[2011.02.11 11:26:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2013.01.19 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org

[2013.01.18 23:26:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Q-Dir

[2013.01.19 01:17:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird

[2012.04.23 12:48:12 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Ad-Aware Antivirus

[2012.04.22 00:00:45 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AnvSoft

[2011.12.10 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Ashampoo

[2011.11.22 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\ASUS

[2011.12.16 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AutoScreenShotMaker

[2012.02.09 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\AVG2012

[2012.04.26 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\avidemux

[2011.11.08 20:52:17 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Babylon

[2011.11.26 20:43:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\biu software

[2012.11.28 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Broad Intelligence

[2011.08.25 20:33:17 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Canneverbe Limited

[2012.07.30 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\CD Art Display

[2013.01.20 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Claro LTD

[2011.10.12 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Cocoon Software

[2011.12.10 20:13:39 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DeepBurner

[2011.12.16 02:23:20 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DonationCoder

[2012.11.23 00:20:48 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Dr. DivX 2.0 OSS

[2012.08.22 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\DVDVideoSoft

[2012.03.06 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\EPSON

[2011.09.09 23:07:28 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\eSobi

[2011.10.12 23:47:15 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FileCommander

[2012.04.22 00:26:14 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Free Audio Editor

[2011.12.10 21:03:39 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreeBurner

[2012.02.14 16:52:50 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreePDF

[2012.11.22 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\FreeVideoConverter

[2012.02.18 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\GetRightToGo

[2012.04.02 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\gtk-2.0

[2012.03.13 14:42:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\inkscape

[2011.09.26 18:53:19 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Leadertech

[2011.11.04 13:52:16 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\LibreOffice

[2012.02.25 16:51:36 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Lingo4u

[2011.12.11 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\NCH Swift Sound

[2011.09.12 13:30:02 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Nullsoft

[2011.12.15 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\OCS

[2011.08.25 10:43:28 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\OpenOffice.org

[2012.02.08 18:14:43 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Opera

[2012.02.09 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Panda Security

[2011.12.08 19:19:53 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\PhotoFiltre

[2011.12.16 02:32:04 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\picpick

[2012.06.17 13:44:01 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Q-Dir

[2012.07.17 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Scribus

[2011.12.16 02:17:37 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\SimpleScreenshot

[2011.08.27 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Skinux

[2011.09.20 11:35:52 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Softland

[2011.08.24 23:45:22 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Thunderbird

[2011.11.12 13:58:34 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Tific

[2012.11.28 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\WinFF

[2012.11.22 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\Xilisoft

[2012.04.21 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Romano\AppData\Roaming\XMedia Recode

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98353363
 

< End of report >

--- --- ---

lies doch bitte meinen Post zu otl, da stehts eigendlich drinn was ich sehen will

Hier der komplett Scan:OTL Logfile:

Code:

OTL logfile created on: 08.02.2013 19:43:56 - Run 6

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Romano\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,99 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,38% Memory free

7,98 Gb Paging File | 6,09 Gb Available in Paging File | 76,30% Paging File free

Paging file location(s): b:\pagefile.sys 4087 4087c:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 358,91 Gb Total Space | 285,54 Gb Free Space | 79,56% Space Free | Partition Type: NTFS

Drive D: | 398,72 Gb Total Space | 270,25 Gb Free Space | 67,78% Space Free | Partition Type: NTFS

Drive E: | 100,00 Mb Total Space | 70,25 Mb Free Space | 70,25% Space Free | Partition Type: NTFS

Drive F: | 15,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: ROMANO-PC | User Name: Romano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Romano\Downloads\OTL(1).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe ()

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.1.0.24\wincfi39.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()

MOD - C:\Windows\SysWOW64\APOMngr.DLL ()

MOD - C:\Windows\SysWOW64\OemSpiE.dll ()

MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)

SRV - (SumatraPDFUpdater) -- C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe ()

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys (Symantec Corporation)

DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys (Symantec Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)

DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (dvdfab) -- C:\Windows\SysNative\drivers\dvdfab.sys (Fengtao Software Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (Sunbelt Software, Inc.)

DRV:64bit: - (SbTis) -- C:\Windows\SysNative\drivers\sbtis.sys (Sunbelt Software, Inc.)

DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (Sunbelt Software, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121225.003\ex64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilDrv11220) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121225.003\eng64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20120811.001\IDSVia64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys (Symantec Corporation)

DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x64\sandra.sys (SiSoftware)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (Asushwio) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=118660&tt=0313_4&babsrc=HP_ss&mntrId=60cf961f000000000000d02788140cf1

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 1F 5F ED 43 F4 CD 01  [binary data]

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=118660&tt=0313_4&babsrc=SP_ss&mntrId=60cf961f000000000000d02788140cf1

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948

IE - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: nosquint@urandom.ca:2.1.6

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3

FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.1.1

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120328-0404: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.02.08 13:20:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.02.08 13:20:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.22 23:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.11 12:00:50 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Users\Romano\AppData\Local\AddLyrics\FF\

 

[2012.08.01 16:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Extensions

[2011.08.24 23:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2013.01.20 20:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions

[2012.12.27 15:45:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.09.25 21:47:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\2gtd40tb.default\extensions\ich@maltegoetz.de

[2013.01.20 20:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\9hro88k3.default\extensions

[2012.08.01 16:33:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Romano\AppData\Roaming\mozilla\Firefox\Profiles\9hro88k3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012.09.23 11:55:21 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\nosquint@urandom.ca.xpi

[2013.02.01 13:32:27 | 000,111,083 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

[2013.02.01 12:36:46 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.20 20:31:46 | 000,001,300 | ---- | M] () -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\searchplugins\claro.xml

[2013.01.08 15:16:42 | 000,003,224 | ---- | M] () -- C:\Users\Romano\AppData\Roaming\mozilla\firefox\profiles\2gtd40tb.default\searchplugins\webde-suche.xml

[2012.09.23 11:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.23 11:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com

[2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.01.20 20:31:35 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: 

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

CHR - Extension: No name found = C:\Users\Romano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SumatraPDF) - {EA58BBDF-F45C-4F28-8E52-CD5AA70D2C1E} - C:\Users\Romano\AppData\LocalLow\SumatraPDF\IE\SumatraPDF.dll (Krzysztof Kowalczyk)

O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found

O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6ACFEF-17AC-4A13-9AA4-742E3430E787}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk /p \??\L:)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.08 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.02.08 13:49:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.02.08 13:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.02.08 13:48:38 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Local\Programs

[2013.02.08 13:30:33 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2013.02.08 13:30:02 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll

[2013.02.08 13:18:45 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2013.02.08 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2013.02.08 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2013.02.08 13:17:50 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys

[2013.02.08 13:17:50 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM.sys

[2013.02.08 13:17:49 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys

[2013.02.08 13:17:49 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys

[2013.02.08 13:17:49 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys

[2013.02.08 13:17:48 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys

[2013.02.08 13:17:48 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys

[2013.02.08 13:17:48 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys

[2013.02.08 13:17:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64

[2013.02.08 13:17:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1401000.018

[2013.02.08 13:17:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2013.02.08 13:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360

[2013.02.04 20:14:52 | 000,000,000 | ---D | C] -- C:\Users\Romano\Documents\Scanned Documents

[2013.02.04 20:14:52 | 000,000,000 | ---D | C] -- C:\Users\Romano\Documents\Fax

[2013.01.26 20:55:05 | 000,000,000 | -H-D | C] -- C:\Users\Romano\Documents\Freemake_do_not_remove_this_folder634948305053694030

[2013.01.22 12:44:07 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Local\NPE

[2013.01.20 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fat32Formatter1.1EN

[2013.01.20 20:31:46 | 000,000,000 | ---D | C] -- C:\Users\Romano\AppData\Roaming\Claro LTD

[2013.01.20 20:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2013.01.18 17:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2013.01.17 19:05:22 | 000,000,000 | -H-D | C] -- C:\Users\Romano\Documents\Freemake_do_not_remove_this_folder634940463221574373

[2013.01.14 19:51:21 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013.01.14 19:51:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013.01.14 19:51:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013.01.14 19:51:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013.01.14 19:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2013.01.14 16:18:29 | 000,308,640 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.01.14 16:18:23 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.01.14 16:18:23 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.01.14 16:18:23 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.01.14 16:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012.10.27 07:17:30 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.08 19:42:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.08 19:42:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.08 14:52:09 | 000,037,619 | ---- | M] () -- C:\Windows\Q-Dir.ini

[2013.02.08 13:49:18 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.08 13:30:22 | 001,996,111 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB

[2013.02.08 13:24:57 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.02.08 13:24:57 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.02.08 13:18:45 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2013.02.08 13:18:45 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2013.02.08 13:18:45 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2013.02.08 13:17:20 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2013.02.08 13:17:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.02.08 13:17:00 | 3214,745,600 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.03 21:00:07 | 000,009,622 | ---- | M] () -- C:\Users\Romano\Documents\Ihre Unterstützungsbekundung ist eingegangen! - Online-Sammelsystem.pdf

[2013.02.03 20:33:17 | 000,007,597 | ---- | M] () -- C:\Users\Romano\AppData\Local\resmon.resmoncfg

[2013.01.30 16:52:48 | 000,051,212 | ---- | M] () -- C:\Users\Romano\Documents\proprietär – Wikipedia.pdf

[2013.01.30 10:26:29 | 000,014,253 | ---- | M] () -- C:\Users\Romano\Documents\JOBBÖRSE - Stellenangebot.pdf

[2013.01.22 14:27:00 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.01.22 14:27:00 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.01.22 14:27:00 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.01.22 14:27:00 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.01.22 14:27:00 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.01.22 11:58:07 | 000,001,619 | ---- | M] () -- C:\Users\Romano\Desktop\DivX Movies.lnk

[2013.01.18 13:08:59 | 000,501,612 | ---- | M] () -- C:\Users\Romano\Documents\Kauf erfolgreich.pdf

[2013.01.17 22:13:11 | 000,651,237 | ---- | M] () -- C:\Users\Romano\Documents\Beim Kopieren wird mir immer der Dateizugriff verweigert.pdf

[2013.01.17 17:10:44 | 000,000,680 | RHS- | M] () -- C:\Users\Romano\ntuser.pol

[2013.01.14 19:50:51 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013.01.14 19:50:50 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll

[2013.01.14 19:50:50 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013.01.14 19:50:50 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013.01.14 19:50:50 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013.01.14 19:50:50 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013.01.14 16:18:18 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.01.14 16:18:18 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.01.14 16:18:18 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.01.14 16:18:18 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.01.14 16:18:18 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.01.14 16:18:18 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.02.08 13:49:18 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.02.08 13:30:01 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2013.02.08 13:18:49 | 001,996,111 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB

[2013.02.08 13:18:46 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2013.02.08 13:18:46 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2013.02.08 13:17:30 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM64.cat

[2013.02.08 13:17:30 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymVTcer.dat

[2013.02.08 13:17:30 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.cat

[2013.02.08 13:17:30 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.cat

[2013.02.08 13:17:30 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.cat

[2013.02.08 13:17:30 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnet64.cat

[2013.02.08 13:17:30 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.cat

[2013.02.08 13:17:30 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.cat

[2013.02.08 13:17:30 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\iron.cat

[2013.02.08 13:17:30 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA.inf

[2013.02.08 13:17:30 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS.inf

[2013.02.08 13:17:30 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymNet.inf

[2013.02.08 13:17:30 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.inf

[2013.02.08 13:17:30 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.inf

[2013.02.08 13:17:30 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symELAM.inf

[2013.02.08 13:17:30 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.inf

[2013.02.08 13:17:30 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Iron.inf

[2013.02.08 13:17:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\isolate.ini

[2013.02.03 21:00:06 | 000,009,622 | ---- | C] () -- C:\Users\Romano\Documents\Ihre Unterstützungsbekundung ist eingegangen! - Online-Sammelsystem.pdf

[2013.01.30 16:52:46 | 000,051,212 | ---- | C] () -- C:\Users\Romano\Documents\proprietär – Wikipedia.pdf

[2013.01.18 13:08:57 | 000,501,612 | ---- | C] () -- C:\Users\Romano\Documents\Kauf erfolgreich.pdf

[2013.01.17 22:13:05 | 000,651,237 | ---- | C] () -- C:\Users\Romano\Documents\Beim Kopieren wird mir immer der Dateizugriff verweigert.pdf

[2013.01.17 17:10:44 | 000,000,680 | RHS- | C] () -- C:\Users\Romano\ntuser.pol

[2012.12.28 23:28:29 | 000,001,483 | ---- | C] () -- C:\Users\Romano\AppData\Local\recently-used.xbel

[2012.12.28 21:07:49 | 000,000,022 | ---- | C] () -- C:\Users\Romano\AppData\Local\kodakpcd.ini

[2012.12.27 09:16:20 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.22 20:54:37 | 000,004,923 | ---- | C] () -- C:\ProgramData\drctchbl.xvi

[2012.11.22 20:53:29 | 000,004,948 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

[2012.10.27 12:13:11 | 000,000,047 | ---- | C] () -- C:\Windows\wininit.ini

[2012.10.01 06:17:22 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe

[2012.09.29 23:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini

[2012.09.25 06:30:54 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll

[2012.09.25 06:30:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012.09.25 06:29:20 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2012.09.25 06:29:00 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll

[2012.09.25 06:29:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll

[2012.09.25 06:29:00 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2012.09.25 06:28:58 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2012.09.25 06:28:58 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll

[2012.09.25 06:28:58 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll

[2012.07.19 19:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll

[2012.07.19 19:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

[2012.07.19 19:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll

[2012.07.19 19:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll

[2012.07.19 19:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll

[2012.07.19 19:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

[2012.07.19 19:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll

[2012.06.17 22:15:04 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\spdif_test.exe

[2012.06.17 22:14:58 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe

[2012.06.17 22:14:42 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll

[2012.06.02 22:12:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2012.05.27 22:12:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\machinist2.dll

[2012.05.25 14:06:38 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2012.05.12 23:42:16 | 001,272,320 | ---- | C] () -- C:\Windows\SysWow64\avcodec-53.dll

[2012.05.12 23:42:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\avutil-51.dll

[2012.04.23 01:20:57 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\ASILOCK.DLL

[2012.04.22 21:29:29 | 000,000,393 | ---- | C] () -- C:\Users\Romano\AppData\Local\HamsterVideoConverterSettings.cfg

[2012.03.06 16:49:11 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI

[2012.03.06 15:55:09 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2012.03.06 15:55:09 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2012.03.06 15:55:09 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2012.03.06 15:55:09 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2012.03.06 15:55:09 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2012.03.06 15:55:09 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2012.03.06 15:55:09 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2012.03.06 15:55:09 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2012.03.06 15:55:09 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2012.03.06 15:55:09 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2012.03.06 15:55:09 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2012.03.06 15:55:09 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2012.03.06 15:55:09 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2012.03.06 15:55:09 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2012.03.06 15:55:09 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2012.03.06 15:55:09 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2012.03.06 15:55:09 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2012.03.06 15:55:09 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2012.03.06 15:55:09 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2012.03.06 15:03:15 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC66SeriesEuro.ini

[2012.03.01 16:57:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2012.03.01 16:52:40 | 002,117,678 | ---- | C] () -- C:\Program Files (x86)\7_Fade.scr

[2012.03.01 16:46:07 | 000,033,443 | ---- | C] () -- C:\Windows\fire-un.exe

[2012.02.09 17:36:36 | 000,000,000 | ---- | C] () -- C:\Windows\PestPatrol5.INI

[2012.02.08 21:53:57 | 011,329,536 | ---- | C] () -- C:\Users\Romano\AppData\Roaming\Sandra.mdb

[2012.02.02 19:48:29 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini

[2011.12.16 02:23:20 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2011.12.16 02:23:20 | 000,000,058 | ---- | C] () -- C:\Users\Romano\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

[2011.12.15 16:22:33 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2011.12.11 02:29:34 | 000,000,659 | ---- | C] () -- C:\Windows\cdplayer.ini

[2011.12.11 02:29:16 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini

[2011.12.11 00:43:17 | 000,000,206 | ---- | C] () -- C:\Users\Romano\AppData\Roaming\burnaware.ini

[2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll

[2011.11.22 17:41:06 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI

[2011.11.22 16:34:39 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011.11.22 16:34:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011.11.22 16:34:38 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini

[2011.11.22 16:34:38 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini

[2011.11.22 16:34:38 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini

[2011.11.22 16:34:38 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini

[2011.11.22 16:34:38 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini

[2011.11.22 16:34:38 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini

[2011.11.22 16:34:38 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini

[2011.11.22 16:34:38 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini

[2011.11.22 16:34:38 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini

[2011.11.22 16:34:38 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini

[2011.11.22 16:34:38 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini

[2011.11.22 16:34:37 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll

[2011.11.22 16:34:37 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini

[2011.11.22 16:34:37 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini

[2011.11.22 16:34:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini

[2011.11.22 16:34:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini

[2011.11.22 14:55:09 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe

[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.11.08 17:53:53 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini

[2011.11.08 17:53:53 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg

[2011.11.08 17:53:53 | 000,000,103 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi

[2011.11.06 02:20:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

[2011.11.01 00:00:10 | 000,037,619 | ---- | C] () -- C:\Windows\Q-Dir.ini

[2011.10.31 16:41:24 | 000,007,680 | ---- | C] () -- C:\Users\Romano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.24 19:08:06 | 000,007,597 | ---- | C] () -- C:\Users\Romano\AppData\Local\resmon.resmoncfg

[2011.09.27 14:45:40 | 000,825,072 | ---- | C] () -- C:\Users\Romano\AppData\Local\census.cache

[2011.09.27 14:45:31 | 000,107,898 | ---- | C] () -- C:\Users\Romano\AppData\Local\ars.cache

[2011.09.27 14:35:56 | 000,000,036 | ---- | C] () -- C:\Users\Romano\AppData\Local\housecall.guid.cache

[2011.09.22 15:53:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.09.08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll

[2011.09.08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll

[2011.09.08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll

[2011.09.08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll

[2011.09.08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe

[2011.09.08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll

[2011.09.08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe

[2011.09.08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe

[2011.09.08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll

[2011.09.08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll

[2011.08.26 23:11:07 | 000,000,000 | ---- | C] () -- C:\Windows\Alienware Screensaver - Vista.ini

[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll

[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll

[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll

[2011.02.11 11:26:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98353363
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 08.02.2013 19:43:56 - Run 6

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Romano\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,99 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,38% Memory free

7,98 Gb Paging File | 6,09 Gb Available in Paging File | 76,30% Paging File free

Paging file location(s): b:\pagefile.sys 4087 4087c:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 358,91 Gb Total Space | 285,54 Gb Free Space | 79,56% Space Free | Partition Type: NTFS

Drive D: | 398,72 Gb Total Space | 270,25 Gb Free Space | 67,78% Space Free | Partition Type: NTFS

Drive E: | 100,00 Mb Total Space | 70,25 Mb Free Space | 70,25% Space Free | Partition Type: NTFS

Drive F: | 15,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: ROMANO-PC | User Name: Romano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-1110905163-2029797133-1185949680-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F99693E-E5B0-4305-9EA6-62299E03F29F}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1D6D464E-5EA1-45CA-AF0E-0A35CDD17F9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{1DE6DA63-A69D-4724-BDAE-B6CB4B9FB7F3}" = lport=138 | protocol=17 | dir=in | app=system | 

"{27E0BC9C-9BD0-4BB9-BCDA-AD9C95CB79E4}" = rport=445 | protocol=6 | dir=out | app=system | 

"{2A12C557-E9C4-42C8-8274-ED47AB6538A3}" = lport=445 | protocol=6 | dir=in | app=system | 

"{2B11204C-E1C9-4057-88BA-4315745BB5B2}" = lport=139 | protocol=6 | dir=in | app=system | 

"{2CBAD426-57CC-4BAE-AA73-792D45F6808F}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{2DAA1E26-DBF4-4115-81F4-CBC091CCF8ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{3406C589-2AB4-43F6-8BA6-A470EB5D3124}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{367C09E6-F441-4C41-AC6F-C29C3E8C63EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{425EF697-BF90-4C30-B58A-89D9EC460A16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{43AC5501-A5CE-4224-80EE-87D5DA884BFC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{496BCB6F-25B8-4AF5-8785-5BABEBFE21B3}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{512C855F-31E9-42BC-AF24-61BFCE96E866}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{5EFFF287-E2A4-40F1-9F37-6DD64F0DAB05}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\rpcagentsrv.exe | 

"{76D470FB-23BD-40F7-BE4A-4F8FDBE042F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{7C03F65F-3D7B-42F1-829B-9AE4557E479D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{841B68D8-1CBA-4A84-AEDC-34F096E1E73E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{867BE100-CEE5-44D1-B4A7-029257B6BAB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{95122940-FA06-413F-AD78-66305E9B29D0}" = lport=137 | protocol=17 | dir=in | app=system | 

"{965AA1BB-83CA-4ADD-BE77-E93CAFE30221}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{96A42FC9-59FE-457C-86AF-9895C0623662}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 

"{A04766D2-28A2-4431-8867-9B7A9469F30E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\rpcsandrasrv.exe | 

"{AF6E4579-6348-4F9B-8925-A00B5A144723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{B09711E2-E4F5-4F9A-AC29-EE412BD098D8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{B7C5853B-4F7B-4379-AE4A-F415D9096DB7}" = rport=138 | protocol=17 | dir=out | app=system | 

"{B826DF88-FA42-4162-A00B-5080A136D3BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CD7EE0D8-4943-4A2A-A64F-22AEF7AEA123}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CE37E344-56CD-4E20-B545-76D9612F4D50}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{DE8BE494-9308-45F9-9763-3E86EA6E10C4}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{E1CF309B-2020-4D5F-80AE-6C8607F60E60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{F1D64118-3AD3-410D-9A75-7CBD9DC7EA34}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{FA953D19-C43F-4281-A560-615BA8B1F07A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{FE79B84C-F7F1-47FB-903C-BD5CE9FC843E}" = rport=137 | protocol=17 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1402358A-D95A-47A8-B97B-84A0AE510957}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{1444F8CD-F34C-413A-A54F-273ED2D93358}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{2D8E6A9F-BF74-4327-B771-C3E618C94C36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{465FDF57-1F21-4130-9741-83AB3E644831}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 

"{49D0C06F-C860-42B8-B175-B1EF63B5BD0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{526AE535-D228-4497-A519-37B69E689C39}" = protocol=6 | dir=out | app=system | 

"{543C72EC-B8A3-4F73-96CB-866872D7B898}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{61CAF6B1-CCAD-4BFE-A2C9-8A3DB1E40F32}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{7408CA1A-E3E8-49BA-851B-5380BA151755}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{77952AD4-1855-4D32-9B58-6890D238D88C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7C87BD86-26E6-460E-ADBF-56CE7B52D482}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{8B1DF048-044A-485E-A427-15232B34113C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{8EC72FCD-D458-46D6-B238-E24AC6FCF916}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{8F801139-2F89-4F43-9521-33D1BC7EB1D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{99CFCA2F-F1B1-4BE0-8AF1-BCD84E235C5D}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 

"{9CF20BD3-D413-4771-96D4-6F1746CF8241}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{9CF467CB-9C60-4FB4-89B4-A7F83D48402D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{9DF3413F-2D89-4D43-AD23-0D5782C29C7B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{A22411E4-8058-4455-B94C-106DBAAE10FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{A4617D80-1FFB-482E-AE88-D0144B7D47E3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{A54E12BB-536C-4D4F-B1E2-5A2D1D4CA491}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 

"{A5A909BA-9A65-4576-83CF-3D460F8A6880}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{DFAD4365-7840-4F76-A4BC-E9F908760D82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{F9FD7019-DFC7-47AA-8128-3238D610FE38}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"TCP Query User{2FF787CC-5015-48E8-B711-C7F4C21F60F9}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | 

"UDP Query User{D3B7AFF1-8333-4817-B955-770AFF6CB154}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP2

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"doPDF 7 printer_is1" = doPDF 7.3 printer

"GIMP-2_is1" = GIMP 2.8.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Unlocker" = Unlocker 1.9.1-x64

"WinRAR archiver" = WinRAR 4.20 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5

"{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11

"{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1" = Rainbow Folders

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F665C0D9-D110-4E21-A073-952057C7ADB1}" = PTDD Super Fdisk 1.0

"{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 2.3.0

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.22beta

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Alienware Screensaver - Vista_is1" = Alienware Screensaver - Vista

"DivX Setup" = DivX-Setup

"DIVXCodec" = DivX Codec 3.1alpha release

"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.7.9 (20/11/2012)

"Easy CD-DA Extractor Free 2010" = Easy CD-DA Extractor Free 2010

"ESC66 Referenzhandbuch" = ESC66 Referenzhandbuch

"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]

"Fireflies" = Fireflies Screensaver (remove only)

"Fireside Christmas 3D Screensaver_is1" = Fireside Christmas 3D Screensaver 1.0

"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2

"Lantern 3D Screensaver_is1" = Lantern 3D Screensaver 1.0

"LingoPad_is1" = LingoPad 2.6 (Build 360)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"Media Player - Codec Pack" = Media Player Codec Pack 4.2.3

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)

"N360" = Norton 360

"nLite_is1" = nLite 1.4.9.1

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Q-Dir" = Q-Dir

"Screen Capturer" = Screen Capturer

"The One Ring 3D Screensaver_is1" = The One Ring 3D Screensaver 1.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 07.02.2013 18:41:00 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_myfolder.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 07.02.2013 18:41:00 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_media-player-codec-pack.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 07.02.2013 18:41:00 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_gimp.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 07.02.2013 18:41:00 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_hamster-free-video-converter.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 07.02.2013 18:41:00 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_mp3-2-wav-converter.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 07.02.2013 18:41:00 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_free-audio-editor.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 07.02.2013 18:41:00 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_fat32-format.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 07.02.2013 18:41:01 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_rambooster(1).exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 07.02.2013 18:41:01 | Computer Name = Romano-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Romano\Downloads\SoftonicDownloader_fuer_rambooster.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 08.02.2013 07:50:10 | Computer Name = Romano-PC | Source = Windows Backup | ID = 4103

Description = 

 

[ Media Center Events ]

Error - 30.06.2012 17:20:51 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 23:20:51 - Fehler beim Herstellen der Internetverbindung.  23:20:51 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 30.06.2012 17:20:58 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 23:20:56 - Fehler beim Herstellen der Internetverbindung.  23:20:56 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 02.07.2012 16:21:47 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 22:21:47 - Fehler beim Herstellen der Internetverbindung.  22:21:47 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 02.07.2012 16:21:58 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 22:21:53 - Fehler beim Herstellen der Internetverbindung.  22:21:53 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 23.09.2012 13:04:16 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 19:04:16 - Fehler beim Herstellen der Internetverbindung.  19:04:16 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 23.09.2012 13:04:26 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 19:04:21 - Fehler beim Herstellen der Internetverbindung.  19:04:21 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 24.09.2012 16:17:28 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 22:17:28 - Fehler beim Herstellen der Internetverbindung.  22:17:28 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 24.09.2012 16:17:37 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 22:17:33 - Fehler beim Herstellen der Internetverbindung.  22:17:33 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 24.09.2012 17:17:42 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 23:17:42 - Fehler beim Herstellen der Internetverbindung.  23:17:42 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 24.09.2012 17:17:48 | Computer Name = Romano-PC | Source = MCUpdate | ID = 0

Description = 23:17:47 - Fehler beim Herstellen der Internetverbindung.  23:17:47 

-     Serververbindung konnte nicht hergestellt werden..  

 

[ System Events ]

Error - 08.02.2013 07:48:47 | Computer Name = Romano-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%5.

 

Error - 08.02.2013 07:49:24 | Computer Name = Romano-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%5.

 

Error - 08.02.2013 07:49:40 | Computer Name = Romano-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%5.

 

Error - 08.02.2013 07:49:55 | Computer Name = Romano-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%5.

 

Error - 08.02.2013 08:17:08 | Computer Name = Romano-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 

gestartet:   %%3

 

Error - 08.02.2013 08:17:16 | Computer Name = Romano-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   SBRE

 

Error - 08.02.2013 08:33:01 | Computer Name = Romano-PC | Source = WMPNetworkSvc | ID = 866333

Description = 

 

Error - 08.02.2013 08:38:50 | Computer Name = Romano-PC | Source = WMPNetworkSvc | ID = 866333

Description = 

 

Error - 08.02.2013 10:28:45 | Computer Name = Romano-PC | Source = WMPNetworkSvc | ID = 866333

Description = 

 

Error - 08.02.2013 12:37:47 | Computer Name = Romano-PC | Source = WMPNetworkSvc | ID = 866333

Description = 

 

 

< End of report >

--- --- ---

das ist schon wieder nicht das richtige... du sollst wie auf seite 1 geschrieben, das script in otl einfügen und scannen