Hello Leo,
the computer is running normally and everything works so far.
I ran the programs. The only result that stood out to me was in the ESET scan: something was found in a quarantine directory.
I hope everything is fine now after the deletions?

OTL fix log:
Code:
All processes killed
========== OTL ==========
Prefs.js: wtxpcom@mybrowserbar.com:5.8 removed from extensions.enabledItems
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57616 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: UserName
->Temp folder emptied: 3246 bytes
->Temporary Internet Files folder emptied: 3479243 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 424562477 bytes
->Google Chrome cache emptied: 54957119 bytes
->Flash cache emptied: 13631787 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7800 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 23340472 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 745 bytes
RecycleBin emptied: 749612 bytes
Total Files Cleaned = 497.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_172816
Files\Folders moved on Reboot...
C:\Users\UserName\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\UserName\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

MBAM log:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.02.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
UserName :: UserName-NOTEBOOK [Administrator]
02.06.2013 17:39:55
mbam-log-2013-06-02 (17-39-55).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238696
Laufzeit: 7 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e0db742b7b43c243b96794d8b4ca6edd
# engine=13975
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-02 07:02:33
# local_time=2013-06-02 09:02:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 88678 235623043 81454 0
# compatibility_mode=5893 16776574 100 94 29298852 121829603 0 0
# scanned=316695
# found=1
# cleaned=0
# scan_time=11372
sh=0D9BE9F1DF45C6B151538D8CDF5A583D021AB548 ft=1 fh=e489624dc8a93800 vn="a variant of Win32/Ponmocup.GM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\UserName\AppData\Roaming\pcauiy.dll.vir"

SecurityCheck log:
Code:
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.7.700.169
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Mozilla Thunderbird (7.0.1) Thunderbird out of Date!
Google Chrome 26.0.1410.64
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Mobile Partner OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

OTL log:
OTL Logfile:
Code:
OTL logfile created on: 6/2/2013 11:28:48 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Dateien
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.97 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.45% Memory free
7.93 Gb Paging File | 5.90 Gb Available in Paging File | 74.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153.22 Gb Total Space | 79.30 Gb Free Space | 51.76% Space Free | Partition Type: NTFS
Drive D: | 297.44 Gb Total Space | 257.01 Gb Free Space | 86.41% Space Free | Partition Type: NTFS
Computer Name: UserName-NOTEBOOK | User Name: UserName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/01 23:39:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Dateien\OTL.exe
PRC - [2013/05/23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/02/04 21:42:54 | 000,239,968 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2012/08/08 21:39:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/22 10:27:28 | 000,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2009/09/12 14:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/06 09:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/06/01 10:26:34 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/04/14 11:50:26 | 000,487,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
PRC - [2008/10/24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/30 15:21:08 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\066b13fa55730501c5e0878ce3fb6650\PresentationFramework.ni.dll
MOD - [2013/05/30 15:20:43 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/30 15:20:34 | 001,806,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\33125250f48dd834dde012979858b39f\System.Deployment.ni.dll
MOD - [2013/05/30 15:20:30 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f42c285cad88c39e520614502430f205\PresentationCore.ni.dll
MOD - [2013/05/30 15:20:14 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/30 15:19:57 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013/05/23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/03/09 18:07:22 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/03/09 18:07:14 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/31 08:42:18 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/31 08:41:58 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/31 08:41:29 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/31 08:41:20 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/31 08:40:59 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll
MOD - [2013/01/31 08:40:54 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/31 08:40:48 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/11/13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:57:46 | 000,610,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009/10/28 23:30:24 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009/10/28 23:29:55 | 000,397,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2009/10/22 10:26:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2009/10/22 10:26:26 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
MOD - [2009/10/22 10:26:14 | 000,840,192 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
MOD - [2009/10/22 10:26:14 | 000,516,096 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2009/10/22 10:26:12 | 000,674,816 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\LEDMXMLObjects.dll
MOD - [2009/10/22 10:26:12 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2009/10/22 10:26:10 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
MOD - [2009/10/22 10:26:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2009/10/22 10:26:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/10/15 09:25:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/09/28 09:22:00 | 000,496,128 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\yk62x64.dll -- (yksvc)
SRV:64bit: - [2009/09/02 09:55:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/02/04 21:42:54 | 000,239,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/01 10:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2008/10/24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/02/04 21:42:54 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2013/02/04 21:42:54 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013/02/04 21:42:54 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013/02/04 21:42:54 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/27 07:20:32 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/02 10:31:48 | 006,204,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/22 00:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/15 01:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2007/07/16 23:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 23:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-691484766-175042921-2864471598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-691484766-175042921-2864471598-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-691484766-175042921-2864471598-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-691484766-175042921-2864471598-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-691484766-175042921-2864471598-1001\..\SearchScopes\{E477C509-3405-4051-A642-6F99B170DF3A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-691484766-175042921-2864471598-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 08:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 08:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/18 22:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 08:59:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 08:59:26 | 000,000,000 | ---D | M]
[2010/08/14 00:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Extensions
[2010/01/11 23:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/14 00:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2013/06/01 22:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\ubmwqxtu.default\extensions
[2012/12/25 01:25:30 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\firefox\profiles\ubmwqxtu.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013/05/29 10:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/22 08:59:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/22 08:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/22 08:59:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\UserName\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Rundum-Betrachter-innoPlus Plugin (Enabled) = C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll
CHR - Extension: SKiD Racer = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
CHR - Extension: YouTube = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ultimate Flash Sonic = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp\1.0_0\
CHR - Extension: Fast Car = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnilkflnlkekeioahamkfjcklliecpf\1.5_0\
CHR - Extension: Plants vs Zombies = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Galactic Titans = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelcgelgojkledbkgfbjmbhojbfkmhbh\1.0_0\
CHR - Extension: Greyscale = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0_0\
CHR - Extension: Google Mail = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/06/02 10:42:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - Startup: C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk = C:\Program Files (x86)\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-691484766-175042921-2864471598-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-691484766-175042921-2864471598-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{469358A3-F7B6-4CCA-94B6-7258214C12C1}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F8266EC-61F7-43AA-9475-092D1558D160}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A4C10B8-87C6-4ED1-A05D-A74FAD7DE00E}: NameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/02 17:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/02 13:19:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/02 10:46:36 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/06/02 10:29:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/06/02 10:29:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/06/02 10:29:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/06/02 10:29:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/06/02 10:29:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/02 10:29:14 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/06/02 09:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/06/02 00:42:10 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Malwarebytes
[2013/06/02 00:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/02 00:41:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/06/02 00:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/02 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/02 00:41:48 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Programs
[2013/06/01 23:50:55 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/06/01 23:50:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/22 08:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/15 21:23:08 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ELFE 1-6
[2013/05/15 21:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELFE 1-6
[2013/05/15 21:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ELFE 1-6
========== Files - Modified Within 30 Days ==========
[2013/06/02 22:55:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 20:55:08 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/02 18:38:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/02 17:41:39 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/02 17:41:39 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/02 17:37:08 | 001,675,450 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/02 17:37:08 | 000,721,524 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/06/02 17:37:08 | 000,671,712 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/02 17:37:08 | 000,159,316 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/06/02 17:37:08 | 000,128,510 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/02 17:35:51 | 000,001,760 | ---- | M] () -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
[2013/06/02 17:32:00 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/02 10:42:53 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/06/02 00:41:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/30 15:13:39 | 000,492,392 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/24 14:31:53 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/15 21:23:08 | 000,001,007 | ---- | M] () -- C:\Users\UserName\Desktop\ELFE 1-6.lnk
========== Files Created - No Company Name ==========
[2013/06/02 10:29:37 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/06/02 10:29:37 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/06/02 10:29:37 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/06/02 10:29:37 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/06/02 10:29:37 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/06/02 00:41:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/15 21:23:08 | 000,001,007 | ---- | C] () -- C:\Users\UserName\Desktop\ELFE 1-6.lnk
[2012/07/25 07:17:20 | 000,007,597 | ---- | C] () -- C:\Users\UserName\AppData\Local\Resmon.ResmonCfg
[2012/07/15 14:10:21 | 000,000,786 | ---- | C] () -- C:\windows\SysWow64\AZSPELL.INI
[2012/07/15 14:10:16 | 001,037,824 | ---- | C] () -- C:\windows\SysWow64\H5KRNL32.DLL
[2012/07/15 14:10:16 | 000,252,768 | ---- | C] () -- C:\windows\SysWow64\capicom.dll
[2012/07/15 14:10:16 | 000,188,928 | ---- | C] () -- C:\windows\SysWow64\H5ICON32.DLL
[2012/07/15 14:10:16 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\H5MENU32.DLL
[2012/07/15 14:10:16 | 000,114,176 | ---- | C] () -- C:\windows\SysWow64\H5DLG32.DLL
[2012/07/15 14:10:16 | 000,094,208 | ---- | C] () -- C:\windows\SysWow64\H5RTF32.DLL
[2012/07/15 14:10:16 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\H5TOOL32.DLL
[2012/04/16 19:30:16 | 000,000,074 | ---- | C] () -- C:\windows\tm.ini
[2011/12/05 21:53:47 | 000,000,917 | ---- | C] () -- C:\Users\UserName\.recently-used.xbel
[2010/11/15 23:12:52 | 000,001,672 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\dvdae.config
[2010/08/14 00:33:11 | 000,007,503 | ---- | C] () -- C:\Users\UserName\NeueZeichnung.edf
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2010/05/01 15:41:19 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\1morebee
[2011/02/27 22:15:05 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\7Wonders
[2012/09/07 21:33:51 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\8floor
[2011/04/20 22:08:05 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Age of Japan
[2011/06/11 22:34:35 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Akhra
[2011/01/01 14:22:51 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\AlawarSouthpoint
[2012/08/21 22:59:46 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\aliasworlds
[2011/01/12 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Anarchy
[2012/04/02 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Anuman
[2011/02/26 22:25:39 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Artifact Quest
[2011/09/07 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Artifex Mundi
[2011/10/03 20:22:47 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Ashampoo
[2010/05/20 23:48:43 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Ashampoo Cover Studio
[2010/01/05 22:59:12 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Ashtons Family Resort
[2010/01/15 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Atari
[2012/04/09 22:00:06 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Awem
[2013/04/23 19:38:18 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Azureus
[2011/04/17 21:53:40 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Babylonia
[2012/08/07 22:51:29 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\BarbarianGames
[2011/02/19 22:11:28 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Batovi
[2010/01/04 19:54:16 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\BeachPartyCraze
[2013/02/11 20:52:20 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\BlamGames
[2012/01/07 22:04:03 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\blg
[2012/12/30 23:35:51 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\BlooBuzz
[2011/01/05 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Boolat Games
[2010/03/31 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Boomzap
[2012/10/06 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Camel101
[2010/02/09 22:05:29 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Canneverbe Limited
[2011/03/02 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\CannyGames
[2012/12/30 19:28:51 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\casualArts
[2011/08/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Clockwork Pixels
[2010/03/21 15:34:15 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\CupcakeCafe
[2011/04/16 22:37:05 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\DeepVoyage
[2011/03/18 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Divo Games
[2010/03/28 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\EleFun Games
[2012/04/17 20:38:01 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\elsterformular
[2011/03/04 20:32:30 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\EnchantedCavern
[2011/01/16 22:05:16 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ERS G-Studio
[2011/03/04 17:37:50 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Family Farm
[2013/02/21 19:44:31 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Farm Girl am Nil
[2010/05/02 21:17:19 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Farm Mania
[2012/04/05 23:34:40 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Farm Mania 2
[2012/01/04 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Farm Mania 2.1
[2010/05/15 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\FarmerJane
[2012/12/28 23:37:52 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\FarmFables
[2011/01/02 13:21:59 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\freshgames
[2011/09/08 21:19:49 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Friday's games
[2010/01/06 20:06:20 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\game
[2010/01/06 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\gamehouse
[2011/06/02 21:11:16 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\GameInvest
[2010/01/06 18:57:34 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Gamelab
[2010/05/30 20:47:37 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Go Go Gourmet
[2011/08/30 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\GreenSauceGames
[2011/09/13 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\gtk-2.0
[2012/03/31 21:36:20 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Happy Chef
[2011/06/10 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\iMaxGen
[2010/11/15 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ImTOO
[2011/06/03 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\InImages
[2010/05/29 20:34:14 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ITTNord
[2010/01/05 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Jane s Hotel
[2011/06/03 19:06:46 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Jane s Hotel 3
[2011/02/13 21:44:34 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Jewel Keepers Easter Island
[2011/04/15 20:25:31 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Jewel Match 3
[2011/03/19 22:01:16 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\JewelMatch2
[2012/09/08 20:48:22 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Jumb-O-Fun Games
[2010/01/15 21:36:54 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Leadertech
[2010/02/19 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Magic Seeds
[2011/03/22 23:02:17 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\MagicTale
[2011/04/21 22:06:39 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\MBT
[2011/04/19 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\md studio
[2012/01/07 21:32:54 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Mean Hamster
[2010/04/05 20:58:46 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2013/02/24 14:35:42 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Meridian93
[2010/05/14 20:39:54 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\NevoSoft Games
[2011/10/03 22:22:52 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Notepad++
[2013/02/23 22:04:55 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Oberon Games
[2010/06/27 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\OpenOffice.org
[2011/06/17 20:36:44 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Orneon
[2013/03/03 00:04:45 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\PetShowCraze
[2011/06/23 19:35:32 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Ph03nixNewMedia
[2013/02/24 16:54:20 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\PlayFirst
[2012/01/08 20:03:05 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\playmink
[2012/12/29 23:33:23 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Playrix Entertainment
[2010/08/14 00:21:54 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\prism
[2011/10/03 20:53:34 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\QSGames
[2012/12/28 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Rainbow
[2011/01/22 20:20:50 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Sahmon Games
[2011/01/02 19:38:46 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Sandlot Games
[2012/12/05 23:40:52 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ScreeNet iSaver
[2011/08/28 13:21:19 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ShamanGS
[2010/06/03 21:05:47 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Shape games
[2011/02/23 22:54:57 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Skunk Studios
[2010/02/26 21:08:00 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Softland
[2012/10/03 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\SulusGames
[2011/04/26 20:28:28 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\TFS2
[2013/02/17 00:11:25 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\thejoyoffarming
[2010/01/11 23:31:02 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Thunderbird
[2011/03/06 20:29:38 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Try2
[2010/03/12 21:05:55 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/06/03 20:35:02 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\URSE Games
[2013/01/02 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Valusoft
[2013/02/13 22:05:28 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ViquaSoft
[2011/01/22 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Vogat Interactive
[2011/01/12 20:08:19 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\webex
[2012/12/29 00:28:42 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\YoudaGames
[2010/01/03 19:10:28 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Zylom
[2010/01/06 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Zylom DressUpRush
========== Purity Check ==========
< End of report >