Siechfried77

Everything posted by Siechfried77

  1. Hm, Combofix said the computer has to be restarted because of rootkit activity. That happened, but what now? There is no Combofix.txt....HELP!!!
  2. Hi there, so, I have attached the new ScanLog file...but Fixlog ....is that the 2nd one?
  3. It's coming, wasn't finished yet :-)

         aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
         Run date: 2012-12-03 12:48:06
         -----------------------------
         12:48:06.600 OS Version: Windows 6.0.6002 Service Pack 2
         12:48:06.600 Number of processors: 2 586 0x1706
         12:48:06.603 ComputerName: ADAM-PC UserName: Adam
         12:48:11.732 Initialize success
         12:49:18.672 AVAST engine defs: 12120200
         12:49:26.358 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
         12:49:26.364 Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 3
         12:49:26.382 Disk 0 MBR read successfully
         12:49:26.391 Disk 0 MBR scan
         12:49:26.430 Disk 0 unknown MBR code
         12:49:26.438 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 465466 MB offset 63
         12:49:26.470 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11470 MB offset 953276416
         12:49:26.477 Disk 0 scanning sectors +976766976
         12:49:26.586 Disk 0 scanning C:\Windows\system32\drivers
         12:49:59.566 File: C:\Windows\system32\drivers\tdx.sys **SUSPICIOUS**
         12:50:05.197 Disk 0 trace - called modules:
         12:50:05.217 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8abb1698]<<
         12:50:05.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87543ac8]
         12:50:05.562 3 CLASSPNP.SYS[82f968b3] -> nt!IofCallDriver -> [0x8a9b8030]
         12:50:05.574 \Driver\00002021[0x8abddc38] -> IRP_MJ_CREATE -> 0x8abb1698
         12:50:09.007 AVAST engine scan C:\Windows
         12:50:20.375 AVAST engine scan C:\Windows\system32
         12:58:21.920 AVAST engine scan C:\Windows\system32\drivers
         12:58:50.344 File: C:\Windows\system32\drivers\tdx.sys **SUSPICIOUS**
         12:58:59.838 AVAST engine scan C:\Users\Adam
         13:44:43.276 AVAST engine scan C:\ProgramData
         13:55:20.064 Scan finished successfully
         14:50:34.793 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
         14:50:34.799 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"
  4. Hello, first of all thanks for the quick reply, I'm really worried.... OTL.txt:
HKCU\..\SearchScopes,DefaultScope = {C0187D6C-1AD6-4194-B0FD-721989735B3A} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=93460f16-ba27-4a67-9d5b-56b22bab25dc&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=116198&tt=4412_8&babsrc=SP_ss&mntrId=2b7c904300000000000000216bc54b6a IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=BAV5&o=101720&src=crm&q={searchTerms}&locale=en_US IE - HKCU\..\SearchScopes\{37839E82-2B6A-429F-A7CE-5F084F014580}: "URL" = http://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{3B921F63-485C-4A84-9A64-884088BEE08A}: "URL" = http://suche.gmx.net/search/web/?su={searchTerms}&[email protected]@[email protected]&origin=searchplugin IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=C9B4FFAF0703DBB0EA61C94FDB85A680&q={searchTerms} IE - HKCU\..\SearchScopes\{5454E5F8-791E-408C-80A8-08BBB03DA526}: "URL" = http://suche.web.de/search/web/?su={searchTerms}&[email protected]@[email protected]&origin=searchplugin IE - HKCU\..\SearchScopes\{91B75690-BE1C-4F85-A1E4-9F34793CB261}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=58cc9523-f7fd-11e0-a698-00235a34ac8f&q={searchTerms} IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.autocompletepro.com/?si=10206&bi=400&q={searchTerms} IE - 
HKCU\..\SearchScopes\{B79AC7A0-5C18-4217-8912-C71A95A32DDE}: "URL" = http://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{C0187D6C-1AD6-4194-B0FD-721989735B3A}: "URL" = http://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{C0D8C172-64C7-471D-9D42-A6A6CF4C63D7}: "URL" = http://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92823176077736824 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={3D573CD4-9A80-4116-B9F7-E31A099A3A1A} IE - HKCU\..\SearchScopes\Plasmoo: "URL" = http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 18:13:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.26 14:37:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 11:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 05:57:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\ab9by06q.default\extensions\[email protected]

[2012.12.01 11:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\mozilla\Extensions
[2012.12.03 12:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\mozilla\Firefox\Profiles\j1uif8ah.default\extensions
[2012.12.01 11:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.25 16:24:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.29 18:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011.07.08 10:15:58 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012.12.01 11:48:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.12.01 11:48:13 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012.06.13 18:12:33 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.27 16:36:54 | 000,003,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\acpro.xml
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.29 18:09:38 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 19:58:16 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2011.10.23 16:23:25 | 000,002,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search ()
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.claro-search.com/?affID=116198&tt=4412_8&babsrc=HP_ss&mntrId=2b7c904300000000000000216bc54b6a
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012.02.05 16:54:39 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll File not found
O2 - BHO: (TBSB01758 Class) - {02B1FD5A-D2A2-45AA-9959-C7BCA6AD319E} - C:\Program Files\GutscheinFinder\tbcore3.dll ()
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll File not found
O2 - BHO: (Giant Savings) - {11111111-1111-1111-1111-110011441179} - C:\Program Files\Giant Savings\Giant Savings.dll (215 Apps)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.7\PriceGongIE.dll (PriceGong)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Sopcast Toolbar) - {3b5aaea6-ae6d-45ab-a626-99ac24fd105b} - C:\Program Files\Sopcast\tbSopc.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (GutscheinFinder) - {1DD0B266-E640-46D1-AC22-C56831180C31} - C:\Program Files\GutscheinFinder\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Sopcast Toolbar) - {3b5aaea6-ae6d-45ab-a626-99ac24fd105b} - C:\Program Files\Sopcast\tbSopc.dll File not found
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll File not found
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (GutscheinFinder) - {1DD0B266-E640-46D1-AC22-C56831180C31} - C:\Program Files\GutscheinFinder\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Toolbar) - {3B5AAEA6-AE6D-45AB-A626-99AC24FD105B} - C:\Program Files\Sopcast\tbSopc.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [batteryStatus] C:\Program Files\SRS Battery Status\BatteryStatus.exe File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [battery-Tool] C:\Users\Adam\Downloads\Battery-Tool.exe (Sciper)
O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [WLAN Optimizer] C:\Users\Adam\Documents\wopt010[1]\WLANOptimizerNET.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Free YouTube Download - C:\Users\Adam\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Adam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: wilmaa.com ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_18-windows-i586.cab (Java Plug-in 1.5.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E15A73B9-9767-473B-986E-D1E9DFD99423}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {340219A6-77F0-4A73-8735-3ECBE48CC077} - WEB.DE Browser Add-on
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{261C9825-91ED-4FA1-B24A-8AB4C0219647} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.12.03 12:16:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2012.12.02 19:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.12.02 19:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.12.02 19:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\HeavenWard
[2012.12.02 11:25:31 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Systweak
[2012.12.02 11:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced File Optimizer
[2012.12.02 11:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced File Optimizer
[2012.12.02 11:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012.12.02 11:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012.12.02 11:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2012.12.02 11:02:01 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Systweak
[2012.12.02 11:01:57 | 000,015,544 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.12.02 11:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.12.02 11:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012.12.01 12:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.12.01
12:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2012.12.01 12:32:44 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Anti-Malware [2012.11.30 18:40:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.30 18:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.30 18:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.30 18:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2012.11.11 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Superbox [2012.11.11 12:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Superbox [2012.11.11 12:27:24 | 001,093,632 | ---- | C] (POLAR) -- C:\Windows\System32\POLARDraw20.ocx [2012.11.11 12:27:24 | 000,389,120 | ---- | C] (dltech) -- C:\Windows\System32\axbarcode.ocx [2012.11.11 12:27:24 | 000,362,576 | ---- | C] (Data Dynamics) -- C:\Windows\System32\Actbar.ocx [2012.11.11 12:27:22 | 003,702,784 | ---- | C] (Entisoft) -- C:\Windows\System32\Est2_0.dll [2012.11.11 12:27:22 | 000,065,536 | ---- | C] (Ingenuware, Ltd.) -- C:\Windows\System32\ImpulseASM.dll [2012.11.11 12:27:21 | 001,331,200 | ---- | C] (Ingenuware, Ltd.) -- C:\Windows\System32\ImpulseGlobals.dll [2012.11.11 12:27:21 | 000,438,272 | ---- | C] (Ingenuware, Ltd.) -- C:\Windows\System32\ImpulseButton.ocx [2012.11.11 12:27:21 | 000,090,112 | ---- | C] (Imagine IT Limited) -- C:\Windows\System32\iTWAIN41.ocx [2012.11.11 12:27:19 | 000,385,024 | ---- | C] (Olson Software Ltd.) -- C:\Windows\System32\oshtl332.dll [2012.11.11 12:27:19 | 000,321,392 | ---- | C] (Olson Software Ltd.) -- C:\Windows\System32\Oshtols3.dll [2012.11.11 12:27:18 | 000,856,856 | ---- | C] (Sheridan Software Systems, Inc.) 
-- C:\Windows\System32\ssdw3b32.ocx [2012.11.11 12:27:18 | 000,559,896 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\ssdw3a32.ocx [2012.11.11 12:27:18 | 000,340,768 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\ssa3d30.ocx [2012.11.11 12:27:18 | 000,324,376 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\SSTree.ocx [2012.11.11 12:27:18 | 000,172,832 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\sssplt30.ocx [2012.11.11 12:27:18 | 000,148,256 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\ssresz30.ocx [2012.11.11 12:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Superbox [2012.11.08 19:43:45 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Amazon MP3 [2012.11.04 16:48:43 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\.Torrent Stream [2012.11.04 16:47:46 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\TorrentStream [2012.11.04 16:31:07 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\EurekaLog [2012.11.03 14:00:24 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\FDRLab [2012.11.03 14:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\FDRLab [2012.11.03 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyTV [2009.05.16 12:25:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys [2009.05.12 11:51:36 | 054,861,592 | ---- | C] (Sun Microsystems, Inc. 
) -- C:\Users\Adam\jdk-1_5_0_18-windows-i586-p.exe [33 C:\Users\Adam\Documents\*.tmp files -> C:\Users\Adam\Documents\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.03 12:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe [2012.12.03 12:11:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.03 12:11:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.03 12:11:11 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.03 12:11:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.03 12:04:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.03 12:04:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 12:04:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 12:04:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.03 12:04:04 | 3186,577,408 | -HS- | M] () -- C:\hiberfil.sys [2012.12.02 20:12:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.12.02 19:53:30 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.02 19:11:05 | 000,002,211 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1&1 FRITZ!Box starter.lnk [2012.12.02 17:32:00 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdam.job [2012.12.02 15:18:17 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.12.02 15:07:21 | 463,940,655 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.02 15:02:22 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2012.12.02 12:27:17 | 003,735,656 | 
---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.02 12:26:04 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2012.12.02 11:25:26 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Advanced File Optimizer.lnk [2012.12.02 11:02:23 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk [2012.12.02 11:01:56 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk [2012.12.01 12:33:37 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.12.01 11:48:45 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.01 10:21:19 | 000,000,680 | ---- | M] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat [2012.11.30 18:40:44 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.11.29 19:52:23 | 000,002,176 | ---- | M] () -- C:\Users\Adam\Documents\PDF-Rechnung unicorn.pdf [2012.11.24 17:15:02 | 000,003,405 | ---- | M] () -- C:\Users\Adam\AppData\Local\recently-used.xbel [2012.11.18 13:47:25 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk [2012.11.14 18:10:25 | 000,002,597 | ---- | M] () -- C:\Users\Adam\Desktop\Microsoft Office Word 2003.lnk [2012.11.05 18:17:36 | 000,104,960 | ---- | M] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.03 14:00:25 | 000,000,831 | ---- | M] () -- C:\Users\Adam\Desktop\AnyTV.lnk [33 C:\Users\Adam\Documents\*.tmp files -> C:\Users\Adam\Documents\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.02 15:18:17 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.12.02 11:25:26 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Advanced File Optimizer.lnk [2012.12.02 11:02:23 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System 
Protector.lnk [2012.12.02 11:02:20 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe [2012.12.02 11:02:12 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2012.12.02 11:02:09 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2012.12.02 11:01:56 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk [2012.12.01 12:33:37 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.12.01 11:48:45 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.12.01 11:48:45 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.30 18:40:44 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.11.29 19:49:57 | 000,002,176 | ---- | C] () -- C:\Users\Adam\Documents\PDF-Rechnung unicorn.pdf [2012.11.24 17:15:02 | 000,003,405 | ---- | C] () -- C:\Users\Adam\AppData\Local\recently-used.xbel [2012.11.18 13:47:25 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk [2012.11.11 12:27:22 | 000,000,541 | ---- | C] () -- C:\Windows\System32\ESTools.Run [2012.11.11 12:27:21 | 000,001,536 | ---- | C] () -- C:\Windows\System32\ISWin32.tlb [2012.11.11 12:27:21 | 000,000,256 | ---- | C] () -- C:\Windows\System32\iTWAIN41.rtl [2012.11.11 12:27:18 | 000,006,114 | ---- | C] () -- C:\Windows\System32\Shelllnk.tlb [2012.11.03 14:00:25 | 000,000,831 | ---- | C] () -- C:\Users\Adam\Desktop\AnyTV.lnk [2012.10.26 14:28:41 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2012.09.18 09:49:18 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2012.06.18 18:18:21 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\wklnhst.dat [2012.06.09 17:13:06 | 000,198,443 | ---- | C] () -- C:\Users\Adam\PassbildKlaus1.jpg [2012.04.13 11:00:06 | 000,086,016 | ---- | C] () -- 
C:\Windows\System32\custmon32i.dll [2012.04.12 10:18:08 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.03.21 12:45:36 | 000,004,096 | -H-- | C] () -- C:\Users\Adam\AppData\Local\keyfile3.drm [2012.02.29 11:53:06 | 000,076,800 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV84.sys [2012.02.29 11:52:51 | 000,159,920 | ---- | C] () -- C:\Windows\Das Sams Uninstaller.exe [2012.02.27 16:55:41 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2011.12.20 16:40:30 | 000,000,705 | ---- | C] () -- C:\Users\Adam\Webcam.lnk [2011.11.27 16:01:44 | 000,463,505 | ---- | C] () -- C:\Users\Adam\Musterkuendigung.pdf [2011.11.19 21:23:56 | 001,503,089 | ---- | C] () -- C:\Users\Adam\Ofenanleitung.pdf [2011.07.08 10:17:06 | 000,000,275 | ---- | C] () -- C:\Users\Adam\AppData\Local\HamsterVideoConverterSettings.cfg [2011.04.26 18:51:25 | 000,000,680 | ---- | C] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat [2011.02.25 16:05:24 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini [2011.02.10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2010.12.29 02:23:14 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.07.20 10:59:44 | 000,071,214 | ---- | C] () -- C:\Users\Adam\systemlog [2009.12.15 15:58:04 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.08.29 18:59:58 | 000,000,600 | ---- | C] () -- C:\Users\Adam\PUTTY.RND [2009.08.13 19:40:27 | 000,160,872 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.13 18:30:57 | 000,160,872 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.05.16 12:25:46 | 000,087,608 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\inst.exe [2009.05.16 12:25:46 | 000,007,887 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat [2009.05.16 12:25:46 | 000,001,144 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf [2009.05.16 10:55:44 | 000,000,133 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\burnaware.ini [2009.05.13 14:56:50 | 000,104,960 
| ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.21 20:47:09 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe ========== ZeroAccess Check ========== [2012.12.02 10:36:41 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JM6V3D8U\t.cxt.ms\lso.swf\u.sol [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.05 19:49:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\.Torrent Stream [2012.10.21 12:03:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Aiseesoft Studio [2010.01.10 12:18:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Amazon [2012.06.08 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AnvSoft [2009.10.30 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ASCON Installer [2012.04.12 10:18:19 
| 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\CAD-KAS [2009.12.20 17:25:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Canon [2010.09.21 19:39:19 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.09.21 14:20:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\CosmeticGuide [2012.02.26 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Cuttermaran [2012.09.25 19:23:20 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Cyahly [2012.09.26 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Desktopicon [2011.08.13 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Digiarty [2012.05.07 08:29:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Downloaded Installations [2012.06.25 18:42:21 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DVDVideoSoft [2012.06.08 16:52:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.25 15:38:44 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\EAC [2012.02.25 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\elsterformular [2011.07.08 12:42:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Engelmann Media [2012.11.04 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\EurekaLog [2012.11.03 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FDRLab [2009.05.16 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FinalBurner Video DVD [2009.08.16 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FreeStone Group [2012.06.08 16:34:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FreeVideoConverter [2009.05.05 19:06:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FRITZ! 
[2012.06.08 16:39:35 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\GetRightToGo [2012.01.09 16:00:33 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0 [2012.10.29 18:03:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\HandBrake [2012.10.10 17:13:08 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\inkscape [2009.08.09 09:35:09 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\IrfanView [2009.05.10 17:14:35 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\KIDDINX [2012.09.25 19:59:12 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Lala [2012.10.25 10:19:49 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\LucasArts [2010.10.09 10:53:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MAGIX [2010.10.21 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ManyCam [2012.02.27 11:14:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MathGame [2011.10.23 16:23:18 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MusicNet [2012.10.20 12:34:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Nokia [2012.10.20 12:34:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Nokia Suite [2012.10.28 10:57:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenCandy [2012.04.12 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org [2012.06.12 15:56:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Opera [2012.08.31 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Party [2011.12.27 12:08:36 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PC Suite [2012.09.29 20:35:35 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PCCUStubInstaller [2010.09.23 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PhotoScape [2009.08.15 16:41:38 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PPMate [2012.02.05 16:54:18 | 000,000,000 
| ---D | M] -- C:\Users\Adam\AppData\Roaming\ppStream [2009.12.15 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\RipIt4Me [2009.12.30 23:28:47 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Samsung [2012.09.25 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sayxh [2009.09.30 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\StreamTorrent [2012.12.02 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Systweak [2012.10.29 18:07:47 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TuneUp Software [2012.06.03 10:45:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Usenet.nl [2010.02.25 15:35:53 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Video DVD Maker FREE [2011.12.18 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\VistaCodecs [2009.05.16 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso [2011.07.08 10:10:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Xilisoft [2012.02.26 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\XMedia Recode [2011.02.16 18:47:50 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Zoner ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.09.25 19:46:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.04.14 05:35:48 | 000,000,000 | ---D | M] -- C:\5991a093dbc617d0d95c [2011.09.15 06:00:39 | 000,000,000 | ---D | M] -- C:\974efc9763b0e0ac6bf1a1ba4502fcf1 [2010.11.04 06:54:41 | 000,000,000 | ---D | M] -- C:\999fd2c7dcbac0a26d23 [2011.03.04 07:01:48 | 000,000,000 | -HSD | M] -- C:\boot [2011.04.14 05:53:18 | 000,000,000 | ---D | M] -- C:\d7c9c7c0f324daabfa9866014de4c3b0 [2012.11.05 16:23:47 | 000,000,000 | ---D | M] -- C:\David Garrett [2012.10.03 18:15:20 | 000,000,000 | ---D | M] -- C:\Direct cut [2011.12.15 20:52:04 | 000,000,000 | ---D | M] -- C:\divx [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.05.02 17:38:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.05.02 17:40:57 | 000,000,000 | -H-D | M] -- C:\HP [2009.03.10 12:55:11 | 000,000,000 | ---D | M] -- C:\Intel [2009.05.10 17:13:17 | 000,000,000 | ---D | M] -- C:\Kiddinx [2008.10.21 21:29:49 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.01.28 16:45:32 | 000,000,000 | ---D | M] -- C:\My Music [2012.09.30 14:40:58 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.05 19:56:02 | 000,000,000 | ---D | M] -- C:\Poker [2009.08.15 16:57:51 | 000,000,000 | ---D | M] -- C:\ppmaterecord [2012.12.02 19:44:07 | 000,000,000 | ---D | M] -- C:\Program Files [2012.04.13 11:00:05 | 000,000,000 | ---D | M] -- C:\Program1 [2012.12.02 11:02:21 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.05.02 17:38:51 | 000,000,000 | -HSD | M] -- C:\Programme [2009.07.06 21:22:43 | 000,000,000 | ---D | M] -- C:\Programs [2011.08.06 10:00:35 | 000,000,000 | ---D | M] -- C:\SwSetup [2012.12.03 12:25:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.10.21 13:10:06 | 000,000,000 | -H-D | M] -- C:\System.sav [2012.10.24 16:28:18 | 000,000,000 | ---D | M] -- C:\TEMP [2011.12.22 07:41:46 | 000,000,000 | ---D | M] -- C:\Tivola [2012.09.30 
14:52:08 | 000,000,000 | R--D | M] -- C:\Users [2012.12.02 15:18:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > < %localappdata%\*. /5 > [2012.12.02 11:25:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Local\Systweak [2012.12.03 12:19:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Local\Temp ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Windows:0B559D5F9CC355BF @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:FB1B13D8 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7D43E156 < End of report > Extras.txt : OTL Extras logfile created on: 03.12.2012 12:19:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 41,35% Memory free 6,14 Gb Paging File | 3,71 Gb Available in Paging File | 60,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 454,56 Gb Total Space | 294,45 Gb Free Space | 64,78% Space Free | Partition Type: NTFS Drive D: | 11,20 Gb Total Space | 1,85 Gb Free Space | 16,47% Space Free | Partition Type: NTFS Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List 
  5. Hello dear support team, my PC has been acting up for some time: search queries on Google are redirected to completely different sites, and logging in to eBay suddenly stopped working. I have now run a scan with Emsisoft Anti-Malware, and it found: Rootkit: Windows\system32\drivers\tdx.sys. It cannot be deleted with the program, can anyone help me??? Many thanks in advance!!! Siechfried77