
Hello dear support team,

my PC has been acting up for some time: Google searches are redirected to completely different sites, and logging in to eBay suddenly stopped working.

I have now run a scan with Emsisoft Anti-Malware, and it found:

Rootkit : Windows\system32\drivers\tdx.sys

It cannot be deleted with the program. Can anyone help me???

Many thanks in advance!!!

Siechfried77


Hi and welcome to the Emsisoft Support Forum!

If you don't already have it, please download OTL by Oldtimer (http://oldtimer.geekstogo.com/OTL.exe) and save it to your desktop.

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

Please download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save the file to your desktop.

  • Start aswMBR.exe (aswMBR.exe instructions: http://www.trojaner-board.de/101564-aswmbr-exe-tool-entfernen-rootkits.html)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save the log to your desktop.

Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If that does not work either, please let me know.


Hello,

first of all, thanks for the quick reply; I'm really worried....

OTL.txt:

 

OTL logfile created on: 03.12.2012 12:19:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 41,35% Memory free
6,14 Gb Paging File | 3,71 Gb Available in Paging File | 60,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 294,45 Gb Free Space | 64,78% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,85 Gb Free Space | 16,47% Space Free | Partition Type: NTFS
 
Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.03 12:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
PRC - [2012.12.02 13:21:39 | 003,085,736 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.10.31 17:41:14 | 006,381,496 | ---- | M] (Systweak) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2012.10.13 00:54:40 | 001,088,424 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.03 14:51:04 | 000,725,400 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.10.03 14:50:54 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.10.03 14:50:46 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.30 16:57:35 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.08.30 16:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.08.08 20:28:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.13 18:12:21 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.10 05:46:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 05:46:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 05:46:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.03 19:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012.04.25 18:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2011.12.05 12:42:22 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011.11.07 20:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
PRC - [2011.11.04 16:04:24 | 000,412,672 | ---- | M] (Sciper) -- C:\Users\Adam\Downloads\Battery-Tool.exe
PRC - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011.03.30 15:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe
PRC - [2009.05.07 13:27:09 | 000,270,336 | ---- | M] () -- C:\Users\Adam\Documents\wopt010[1]\WLANOptimizerNET.exe
PRC - [2009.05.03 13:54:15 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) -- C:\Windows\System32\ieconfig_1und1_svc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 11:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.09.11 12:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008.09.11 12:50:38 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008.06.27 16:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2007.12.07 16:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Program Files\1&1\Stcenter.exe
PRC - [2007.10.25 16:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files\1&1\IGDCTRL.EXE
PRC - [2006.12.23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.31 17:41:14 | 001,730,488 | ---- | M] () -- C:\Program Files\Advanced System Protector\aspsys.dll
MOD - [2012.10.26 14:28:44 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012.10.13 00:55:38 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.10.13 00:55:38 | 000,092,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
MOD - [2012.10.13 00:55:22 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.10.13 00:55:22 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.10.13 00:55:20 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.10.13 00:55:18 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.10.13 00:55:18 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.10.13 00:55:16 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.10.13 00:55:16 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.10.13 00:55:14 | 008,506,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.10.13 00:55:14 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.10.13 00:55:12 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.10.13 00:55:12 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.10.13 00:55:08 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.10.13 00:55:04 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.10.13 00:55:04 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.10.13 00:55:02 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.10.13 00:54:34 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012.10.13 00:53:56 | 000,605,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.10.13 00:31:20 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.10.13 00:31:20 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.10.13 00:30:34 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012.07.25 12:03:14 | 000,886,272 | ---- | M] () -- C:\Program Files\Advanced System Protector\System.Data.SQLite.dll
MOD - [2012.07.25 12:03:12 | 000,168,448 | ---- | M] () -- C:\Program Files\Advanced System Protector\unrar.dll
MOD - [2012.06.14 20:10:15 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 20:09:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.14 20:09:07 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\18050fc0ebf2c4835d05ffd337aa1616\System.Deployment.ni.dll
MOD - [2012.06.14 20:09:06 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012.06.14 14:47:13 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:47:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 14:46:39 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 14:45:24 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.13 09:45:30 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.13 09:44:34 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8455a2be044530a091b714f5a6415d6b\CustomMarshalers.ni.dll
MOD - [2012.05.12 17:35:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 17:35:51 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012.05.12 17:35:51 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012.05.12 17:35:51 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012.05.12 17:35:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.12 15:21:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b7181bb19dd5dd74cd063f0312cdf57\System.Xml.ni.dll
MOD - [2012.05.12 15:20:54 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.12 15:20:48 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.12 15:20:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 15:20:15 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.12 15:20:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 15:20:02 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.04.25 18:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012.04.25 18:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012.04.25 18:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012.04.25 18:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012.04.25 18:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012.04.25 18:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.30 15:45:12 | 000,016,360 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll
MOD - [2011.03.30 15:45:06 | 000,236,520 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll
MOD - [2011.03.30 15:45:06 | 000,218,600 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll
MOD - [2011.03.30 15:45:04 | 001,869,288 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Services.dll
MOD - [2011.03.30 15:45:02 | 000,041,960 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll
MOD - [2011.03.30 15:45:00 | 000,337,896 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll
MOD - [2009.05.07 13:27:09 | 000,270,336 | ---- | M] () -- C:\Users\Adam\Documents\wopt010[1]\WLANOptimizerNET.exe
MOD - [2009.04.11 07:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009.04.11 07:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009.04.11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.04.11 03:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:12 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009.03.30 05:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2009.02.25 02:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 02:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.09.30 15:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.09.30 15:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.09.30 15:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.09.30 15:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.09.30 15:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.09.30 15:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.09.30 15:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.09.30 15:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.30 00:10:18 | 000,028,672 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\richvideops.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2012.12.02 13:21:39 | 003,085,736 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.12.02 12:46:00 | 000,457,600 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Adam\AppData\Local\Temp\QCI.exe -- (QCI)
SRV - [2012.12.02 12:45:44 | 000,551,808 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Adam\AppData\Local\Temp\HONFBQ.exe -- (HONFBQ)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.13 06:48:19 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.03 14:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.10 05:46:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 05:46:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.25 18:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011.11.07 20:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.05.03 13:54:15 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2008.09.23 11:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.11 12:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008.06.27 16:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.10.25 16:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\1&1\IGDCTRL.EXE -- (IGDCTRL)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\6F56.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.30 20:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.06.27 14:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.06.11 13:17:44 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.06.11 13:17:44 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.06.11 13:17:44 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.06.11 13:17:44 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.06.11 13:17:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.06.11 13:17:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012.05.10 05:46:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 05:46:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012.02.29 11:53:06 | 000,076,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV84.sys -- (SSHDRV84)
DRV - [2011.11.14 15:58:34 | 000,015,096 | ---- | M] (HeavenWard) [Kernel | System | Running] -- C:\Windows\System32\drivers\RemoveAny.sys -- (RemoveAny)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011.03.31 23:10:14 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmCAudio.sys -- (DrmCAudio)
DRV - [2010.12.24 14:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2010.12.24 14:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2010.12.24 14:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2010.12.24 14:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2010.12.24 14:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2010.07.20 06:09:56 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.20 18:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2008.11.17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.11 12:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.07.22 16:42:34 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.21 11:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/dvdstyler/{B95BE683-9066-4ACE-A883-26F289630519}
IE - HKLM\..\URLSearchHook: {3b5aaea6-ae6d-45ab-a626-99ac24fd105b} - SOFTWARE\Classes\CLSID\{3b5aaea6-ae6d-45ab-a626-99ac24fd105b}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=93460f16-ba27-4a67-9d5b-56b22bab25dc&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0820D288-DAD3-4EE0-B111-FE694DD85E38}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{4FD5A5D6-240E-495F-AB4C-BCB37C23B8CE}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{91B75690-BE1C-4F85-A1E4-9F34793CB261}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=58cc9523-f7fd-11e0-a698-00235a34ac8f&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{B2A9614F-430D-4BED-AD83-2EF7C94CC8AD}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={3D573CD4-9A80-4116-B9F7-E31A099A3A1A}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=93460f16-ba27-4a67-9d5b-56b22bab25dc&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=93460f16-ba27-4a67-9d5b-56b22bab25dc&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.web.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10206&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.1und1.de/links/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=93460f16-ba27-4a67-9d5b-56b22bab25dc&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=10206&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=93460f16-ba27-4a67-9d5b-56b22bab25dc&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {C0187D6C-1AD6-4194-B0FD-721989735B3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=93460f16-ba27-4a67-9d5b-56b22bab25dc&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=116198&tt=4412_8&babsrc=SP_ss&mntrId=2b7c904300000000000000216bc54b6a
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=BAV5&o=101720&src=crm&q={searchTerms}&locale=en_US
IE - HKCU\..\SearchScopes\{37839E82-2B6A-429F-A7CE-5F084F014580}: "URL" = http://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{3B921F63-485C-4A84-9A64-884088BEE08A}: "URL" = http://suche.gmx.net/search/web/?su={searchTerms}&[email protected]@[email protected]&origin=searchplugin
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=C9B4FFAF0703DBB0EA61C94FDB85A680&q={searchTerms}
IE - HKCU\..\SearchScopes\{5454E5F8-791E-408C-80A8-08BBB03DA526}: "URL" = http://suche.web.de/search/web/?su={searchTerms}&[email protected]@[email protected]&origin=searchplugin
IE - HKCU\..\SearchScopes\{91B75690-BE1C-4F85-A1E4-9F34793CB261}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=58cc9523-f7fd-11e0-a698-00235a34ac8f&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.autocompletepro.com/?si=10206&bi=400&q={searchTerms}
IE - HKCU\..\SearchScopes\{B79AC7A0-5C18-4217-8912-C71A95A32DDE}: "URL" = http://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{C0187D6C-1AD6-4194-B0FD-721989735B3A}: "URL" = http://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{C0D8C172-64C7-471D-9D42-A6A6CF4C63D7}: "URL" = http://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92823176077736824
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={3D573CD4-9A80-4116-B9F7-E31A099A3A1A}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 18:13:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.26 14:37:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 11:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 05:57:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\ab9by06q.default\extensions\[email protected]
 
[2012.12.01 11:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\mozilla\Extensions
[2012.12.03 12:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\mozilla\Firefox\Profiles\j1uif8ah.default\extensions
[2012.12.01 11:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.25 16:24:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.29 18:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011.07.08 10:15:58 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012.12.01 11:48:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.12.01 11:48:13 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012.06.13 18:12:33 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.27 16:36:54 | 000,003,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\acpro.xml
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.29 18:09:38 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 19:58:16 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2011.10.23 16:23:25 | 000,002,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search ()
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.claro-search.com/?affID=116198&tt=4412_8&babsrc=HP_ss&mntrId=2b7c904300000000000000216bc54b6a
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2012.02.05 16:54:39 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll File not found
O2 - BHO: (TBSB01758 Class) - {02B1FD5A-D2A2-45AA-9959-C7BCA6AD319E} - C:\Program Files\GutscheinFinder\tbcore3.dll ()
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll File not found
O2 - BHO: (Giant Savings) - {11111111-1111-1111-1111-110011441179} - C:\Program Files\Giant Savings\Giant Savings.dll (215 Apps)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.7\PriceGongIE.dll (PriceGong)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Sopcast Toolbar) - {3b5aaea6-ae6d-45ab-a626-99ac24fd105b} - C:\Program Files\Sopcast\tbSopc.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (GutscheinFinder) - {1DD0B266-E640-46D1-AC22-C56831180C31} - C:\Program Files\GutscheinFinder\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Sopcast Toolbar) - {3b5aaea6-ae6d-45ab-a626-99ac24fd105b} - C:\Program Files\Sopcast\tbSopc.dll File not found
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll File not found
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (GutscheinFinder) - {1DD0B266-E640-46D1-AC22-C56831180C31} - C:\Program Files\GutscheinFinder\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Toolbar) - {3B5AAEA6-AE6D-45AB-A626-99AC24FD105B} - C:\Program Files\Sopcast\tbSopc.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [batteryStatus] C:\Program Files\SRS Battery Status\BatteryStatus.exe File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [battery-Tool] C:\Users\Adam\Downloads\Battery-Tool.exe (Sciper)
O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [WLAN Optimizer] C:\Users\Adam\Documents\wopt010[1]\WLANOptimizerNET.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Free YouTube Download - C:\Users\Adam\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Adam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: wilmaa.com ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_18-windows-i586.cab (Java Plug-in 1.5.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E15A73B9-9767-473B-986E-D1E9DFD99423}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {340219A6-77F0-4A73-8735-3ECBE48CC077} - WEB.DE Browser Add-on
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{261C9825-91ED-4FA1-B24A-8AB4C0219647} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.03 12:16:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2012.12.02 19:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.12.02 19:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.12.02 19:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\HeavenWard
[2012.12.02 11:25:31 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Systweak
[2012.12.02 11:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced File Optimizer
[2012.12.02 11:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced File Optimizer
[2012.12.02 11:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012.12.02 11:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012.12.02 11:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2012.12.02 11:02:01 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Systweak
[2012.12.02 11:01:57 | 000,015,544 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.12.02 11:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.12.02 11:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012.12.01 12:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.12.01 12:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.12.01 12:32:44 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Anti-Malware
[2012.11.30 18:40:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.30 18:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.30 18:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.30 18:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.11.11 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Superbox
[2012.11.11 12:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Superbox
[2012.11.11 12:27:24 | 001,093,632 | ---- | C] (POLAR) -- C:\Windows\System32\POLARDraw20.ocx
[2012.11.11 12:27:24 | 000,389,120 | ---- | C] (dltech) -- C:\Windows\System32\axbarcode.ocx
[2012.11.11 12:27:24 | 000,362,576 | ---- | C] (Data Dynamics) -- C:\Windows\System32\Actbar.ocx
[2012.11.11 12:27:22 | 003,702,784 | ---- | C] (Entisoft) -- C:\Windows\System32\Est2_0.dll
[2012.11.11 12:27:22 | 000,065,536 | ---- | C] (Ingenuware, Ltd.) -- C:\Windows\System32\ImpulseASM.dll
[2012.11.11 12:27:21 | 001,331,200 | ---- | C] (Ingenuware, Ltd.) -- C:\Windows\System32\ImpulseGlobals.dll
[2012.11.11 12:27:21 | 000,438,272 | ---- | C] (Ingenuware, Ltd.) -- C:\Windows\System32\ImpulseButton.ocx
[2012.11.11 12:27:21 | 000,090,112 | ---- | C] (Imagine IT Limited) -- C:\Windows\System32\iTWAIN41.ocx
[2012.11.11 12:27:19 | 000,385,024 | ---- | C] (Olson Software Ltd.) -- C:\Windows\System32\oshtl332.dll
[2012.11.11 12:27:19 | 000,321,392 | ---- | C] (Olson Software Ltd.) -- C:\Windows\System32\Oshtols3.dll
[2012.11.11 12:27:18 | 000,856,856 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\ssdw3b32.ocx
[2012.11.11 12:27:18 | 000,559,896 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\ssdw3a32.ocx
[2012.11.11 12:27:18 | 000,340,768 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\ssa3d30.ocx
[2012.11.11 12:27:18 | 000,324,376 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\SSTree.ocx
[2012.11.11 12:27:18 | 000,172,832 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\sssplt30.ocx
[2012.11.11 12:27:18 | 000,148,256 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\ssresz30.ocx
[2012.11.11 12:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Superbox
[2012.11.08 19:43:45 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Amazon MP3
[2012.11.04 16:48:43 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\.Torrent Stream
[2012.11.04 16:47:46 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\TorrentStream
[2012.11.04 16:31:07 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\EurekaLog
[2012.11.03 14:00:24 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\FDRLab
[2012.11.03 14:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\FDRLab
[2012.11.03 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyTV
[2009.05.16 12:25:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys
[2009.05.12 11:51:36 | 054,861,592 | ---- | C] (Sun Microsystems, Inc.                                      ) -- C:\Users\Adam\jdk-1_5_0_18-windows-i586-p.exe
[33 C:\Users\Adam\Documents\*.tmp files -> C:\Users\Adam\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 12:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2012.12.03 12:11:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.03 12:11:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.03 12:11:11 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.03 12:11:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.03 12:04:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.03 12:04:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 12:04:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 12:04:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 12:04:04 | 3186,577,408 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.02 20:12:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.02 19:53:30 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.02 19:11:05 | 000,002,211 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1&1 FRITZ!Box starter.lnk
[2012.12.02 17:32:00 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdam.job
[2012.12.02 15:18:17 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.12.02 15:07:21 | 463,940,655 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.02 15:02:22 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.12.02 12:27:17 | 003,735,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.02 12:26:04 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.12.02 11:25:26 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Advanced File Optimizer.lnk
[2012.12.02 11:02:23 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.12.02 11:01:56 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.12.01 12:33:37 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.12.01 11:48:45 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.01 10:21:19 | 000,000,680 | ---- | M] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2012.11.30 18:40:44 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.29 19:52:23 | 000,002,176 | ---- | M] () -- C:\Users\Adam\Documents\PDF-Rechnung unicorn.pdf
[2012.11.24 17:15:02 | 000,003,405 | ---- | M] () -- C:\Users\Adam\AppData\Local\recently-used.xbel
[2012.11.18 13:47:25 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
[2012.11.14 18:10:25 | 000,002,597 | ---- | M] () -- C:\Users\Adam\Desktop\Microsoft Office Word 2003.lnk
[2012.11.05 18:17:36 | 000,104,960 | ---- | M] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.03 14:00:25 | 000,000,831 | ---- | M] () -- C:\Users\Adam\Desktop\AnyTV.lnk
[33 C:\Users\Adam\Documents\*.tmp files -> C:\Users\Adam\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.02 15:18:17 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.12.02 11:25:26 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Advanced File Optimizer.lnk
[2012.12.02 11:02:23 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.12.02 11:02:20 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2012.12.02 11:02:12 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.12.02 11:02:09 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.12.02 11:01:56 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.12.01 12:33:37 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.12.01 11:48:45 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.01 11:48:45 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.30 18:40:44 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.29 19:49:57 | 000,002,176 | ---- | C] () -- C:\Users\Adam\Documents\PDF-Rechnung unicorn.pdf
[2012.11.24 17:15:02 | 000,003,405 | ---- | C] () -- C:\Users\Adam\AppData\Local\recently-used.xbel
[2012.11.18 13:47:25 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
[2012.11.11 12:27:22 | 000,000,541 | ---- | C] () -- C:\Windows\System32\ESTools.Run
[2012.11.11 12:27:21 | 000,001,536 | ---- | C] () -- C:\Windows\System32\ISWin32.tlb
[2012.11.11 12:27:21 | 000,000,256 | ---- | C] () -- C:\Windows\System32\iTWAIN41.rtl
[2012.11.11 12:27:18 | 000,006,114 | ---- | C] () -- C:\Windows\System32\Shelllnk.tlb
[2012.11.03 14:00:25 | 000,000,831 | ---- | C] () -- C:\Users\Adam\Desktop\AnyTV.lnk
[2012.10.26 14:28:41 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.09.18 09:49:18 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2012.06.18 18:18:21 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\wklnhst.dat
[2012.06.09 17:13:06 | 000,198,443 | ---- | C] () -- C:\Users\Adam\PassbildKlaus1.jpg
[2012.04.13 11:00:06 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.04.12 10:18:08 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.03.21 12:45:36 | 000,004,096 | -H-- | C] () -- C:\Users\Adam\AppData\Local\keyfile3.drm
[2012.02.29 11:53:06 | 000,076,800 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV84.sys
[2012.02.29 11:52:51 | 000,159,920 | ---- | C] () -- C:\Windows\Das Sams Uninstaller.exe
[2012.02.27 16:55:41 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.12.20 16:40:30 | 000,000,705 | ---- | C] () -- C:\Users\Adam\Webcam.lnk
[2011.11.27 16:01:44 | 000,463,505 | ---- | C] () -- C:\Users\Adam\Musterkuendigung.pdf
[2011.11.19 21:23:56 | 001,503,089 | ---- | C] () -- C:\Users\Adam\Ofenanleitung.pdf
[2011.07.08 10:17:06 | 000,000,275 | ---- | C] () -- C:\Users\Adam\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.04.26 18:51:25 | 000,000,680 | ---- | C] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2011.02.25 16:05:24 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.02.10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010.12.29 02:23:14 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.07.20 10:59:44 | 000,071,214 | ---- | C] () -- C:\Users\Adam\systemlog
[2009.12.15 15:58:04 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.08.29 18:59:58 | 000,000,600 | ---- | C] () -- C:\Users\Adam\PUTTY.RND
[2009.08.13 19:40:27 | 000,160,872 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.13 18:30:57 | 000,160,872 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.16 12:25:46 | 000,087,608 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\inst.exe
[2009.05.16 12:25:46 | 000,007,887 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2009.05.16 12:25:46 | 000,001,144 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2009.05.16 10:55:44 | 000,000,133 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\burnaware.ini
[2009.05.13 14:56:50 | 000,104,960 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.21 20:47:09 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe
 
========== ZeroAccess Check ==========
 
[2012.12.02 10:36:41 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JM6V3D8U\t.cxt.ms\lso.swf\u.sol
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.05 19:49:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\.Torrent Stream
[2012.10.21 12:03:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Aiseesoft Studio
[2010.01.10 12:18:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Amazon
[2012.06.08 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AnvSoft
[2009.10.30 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ASCON Installer
[2012.04.12 10:18:19 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\CAD-KAS
[2009.12.20 17:25:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Canon
[2010.09.21 19:39:19 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.21 14:20:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\CosmeticGuide
[2012.02.26 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Cuttermaran
[2012.09.25 19:23:20 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Cyahly
[2012.09.26 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Desktopicon
[2011.08.13 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Digiarty
[2012.05.07 08:29:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Downloaded Installations
[2012.06.25 18:42:21 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DVDVideoSoft
[2012.06.08 16:52:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.25 15:38:44 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\EAC
[2012.02.25 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\elsterformular
[2011.07.08 12:42:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Engelmann Media
[2012.11.04 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\EurekaLog
[2012.11.03 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FDRLab
[2009.05.16 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FinalBurner Video DVD
[2009.08.16 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FreeStone Group
[2012.06.08 16:34:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FreeVideoConverter
[2009.05.05 19:06:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\FRITZ!
[2012.06.08 16:39:35 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\GetRightToGo
[2012.01.09 16:00:33 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0
[2012.10.29 18:03:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\HandBrake
[2012.10.10 17:13:08 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\inkscape
[2009.08.09 09:35:09 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\IrfanView
[2009.05.10 17:14:35 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\KIDDINX
[2012.09.25 19:59:12 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Lala
[2012.10.25 10:19:49 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\LucasArts
[2010.10.09 10:53:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MAGIX
[2010.10.21 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ManyCam
[2012.02.27 11:14:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MathGame
[2011.10.23 16:23:18 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MusicNet
[2012.10.20 12:34:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Nokia
[2012.10.20 12:34:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Nokia Suite
[2012.10.28 10:57:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenCandy
[2012.04.12 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org
[2012.06.12 15:56:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Opera
[2012.08.31 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Party
[2011.12.27 12:08:36 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PC Suite
[2012.09.29 20:35:35 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PCCUStubInstaller
[2010.09.23 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PhotoScape
[2009.08.15 16:41:38 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PPMate
[2012.02.05 16:54:18 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ppStream
[2009.12.15 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\RipIt4Me
[2009.12.30 23:28:47 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Samsung
[2012.09.25 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sayxh
[2009.09.30 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\StreamTorrent
[2012.12.02 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Systweak
[2012.10.29 18:07:47 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TuneUp Software
[2012.06.03 10:45:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Usenet.nl
[2010.02.25 15:35:53 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Video DVD Maker FREE
[2011.12.18 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\VistaCodecs
[2009.05.16 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso
[2011.07.08 10:10:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Xilisoft
[2012.02.26 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\XMedia Recode
[2011.02.16 18:47:50 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Zoner
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.09.25 19:46:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.04.14 05:35:48 | 000,000,000 | ---D | M] -- C:\5991a093dbc617d0d95c
[2011.09.15 06:00:39 | 000,000,000 | ---D | M] -- C:\974efc9763b0e0ac6bf1a1ba4502fcf1
[2010.11.04 06:54:41 | 000,000,000 | ---D | M] -- C:\999fd2c7dcbac0a26d23
[2011.03.04 07:01:48 | 000,000,000 | -HSD | M] -- C:\boot
[2011.04.14 05:53:18 | 000,000,000 | ---D | M] -- C:\d7c9c7c0f324daabfa9866014de4c3b0
[2012.11.05 16:23:47 | 000,000,000 | ---D | M] -- C:\David Garrett
[2012.10.03 18:15:20 | 000,000,000 | ---D | M] -- C:\Direct cut
[2011.12.15 20:52:04 | 000,000,000 | ---D | M] -- C:\divx
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.05.02 17:38:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.05.02 17:40:57 | 000,000,000 | -H-D | M] -- C:\HP
[2009.03.10 12:55:11 | 000,000,000 | ---D | M] -- C:\Intel
[2009.05.10 17:13:17 | 000,000,000 | ---D | M] -- C:\Kiddinx
[2008.10.21 21:29:49 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.01.28 16:45:32 | 000,000,000 | ---D | M] -- C:\My Music
[2012.09.30 14:40:58 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.05 19:56:02 | 000,000,000 | ---D | M] -- C:\Poker
[2009.08.15 16:57:51 | 000,000,000 | ---D | M] -- C:\ppmaterecord
[2012.12.02 19:44:07 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.04.13 11:00:05 | 000,000,000 | ---D | M] -- C:\Program1
[2012.12.02 11:02:21 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.05.02 17:38:51 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.07.06 21:22:43 | 000,000,000 | ---D | M] -- C:\Programs
[2011.08.06 10:00:35 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.12.03 12:25:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.21 13:10:06 | 000,000,000 | -H-D | M] -- C:\System.sav
[2012.10.24 16:28:18 | 000,000,000 | ---D | M] -- C:\TEMP
[2011.12.22 07:41:46 | 000,000,000 | ---D | M] -- C:\Tivola
[2012.09.30 14:52:08 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.02 15:18:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012.12.02 11:25:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Local\Systweak
[2012.12.03 12:19:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Local\Temp
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:0B559D5F9CC355BF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7D43E156

< End of report >

Extras.txt:

OTL Extras logfile created on: 03.12.2012 12:19:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 41,35% Memory free
6,14 Gb Paging File | 3,71 Gb Available in Paging File | 60,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 294,45 Gb Free Space | 64,78% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,85 Gb Free Space | 16,47% Space Free | Partition Type: NTFS
 
Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}" = SweetIM for Messenger 3.6
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1DC1A6D5-C7A8-3251-16C4-61F5A8822889}" = simfy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0150180}" = J2SE Runtime Environment 5.0 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150180}" = J2SE Development Kit 5.0 Update 18
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{36150EEC-7622-4ECE-AFE3-35033E45F1F5}" = RedShift Sternenkunde
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{611224E0-8836-41CD-B73C-DC4B0EFD90B5}" = BilliBanni 1. Klasse Chaos auf Wolke sieben!
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{641C2187-AB15-415b-9587-D5B310A19ADC}_is1" = Aiseesoft TRP Converter 6.2.52
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}" = LEGO® Star Wars™ III: The Clone Wars™
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9570A579-88E2-4B73-A28F-3ED8FCB8C0D8}_is1" = Incomedia WebSite X5 v9 - Free
"{96F26B8F-2BCA-4157-8F39-742790C361D8}" = Nero Kwik Media
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a325d0b9-0b5e-4ad1-9c5f-e39aa43f8c9d}" = Gigaset QuickSync
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC06B562-763A-4839-8422-F9C00BEF63E3}" = Iminent
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B28B351F-1232-46EA-85EF-B8EA91641031}" = Nero 7 Essentials
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BA9C8A3B-7A17-4A52-9F11-A6E823EE4305}" = Google SketchUp 7
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.0
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EABE970D-5025-4F24-9727-240742AC8A98}" = BilliBanni Vorschule Weiche Landung in Ballonien!
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"1ClickDownload" = 1ClickDownloader
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"888poker" = 888poker
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced File Optimizer_is1" = Advanced File Optimizer
"Aiseesoft Total Media Converter_is1" = Aiseesoft Total Media Converter
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AnyTV_is1" = AnyTV 5.15
"Ask Toolbar_is1" = Ask Toolbar
"Audiograbber" = Audiograbber 1.83 SE
"AutocompletePro3_is1" = AutocompletePro
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"blekkotb_031" = blekko search bar
"CD Recovery Toolbox Free_is1" = CD Recovery Toolbox Free 1.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"claro" = Claro LTD toolbar  
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Das Sams" = Das Sams
"DealPly" = DealPly
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Everest Poker" = Everest Poker (Remove Only)
"ffdshow_is1" = ffdshow v1.1.4096 [2011-11-29]
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5.6.804
"Free Studio_is1" = Free Studio version 5.5.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"Giant Savings" = Giant Savings
"GIMP-2_is1" = GIMP 2.8.0
"Google Chrome" = Google Chrome
"Grundschule Lernspass mit Hexe Lilli Englisch Klasse 1+2" = Grundschule Lernspass mit Hexe Lilli Englisch Klasse 1+2
"Grundschule Lernspass mit Hexe Lilli Englisch Klasse 3+4" = Grundschule Lernspass mit Hexe Lilli Englisch Klasse 3+4
"GutscheinFinder" = GutscheinFinder
"HandBrake" = HandBrake 0.9.8
"IMBoosterARP" = Iminent
"iMesh 1 MediaBar" = MediaBar
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{36150EEC-7622-4ECE-AFE3-35033E45F1F5}" = RedShift Sternenkunde
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"IrfanView" = IrfanView (remove only)
"iSkysoft DRM Removal_is1" = iSkysoft DRM Removal(Build 1.0.5.1)
"LesenLernen" = LesenLernen
"Lills_is1" = Lills
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.5.48 (remove only)
"MathGame 3.x" = MathGame 3.x
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nokia Suite" = Nokia Suite
"NortonPCCheckup" = Norton PC Checkup
"Opera 11.64.1403" = Opera 11.64
"PartyPoker" = PartyPoker
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"PDF Creator" = PDF Creator
"PDF Editor 3" = PDF Editor 3
"Photobie" = Photobie -- photo editing software from Photobie Design
"PhotoScape" = PhotoScape
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PriceGong" = PriceGong 2.6.7
"RealPlayer 15.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"Simfy" = simfy
"SopCast" = SopCast 3.4.8
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Superbox" = Superbox
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB01758.TBSB01758Toolbar" = GutscheinFinder
"Titan Poker" = Titan Poker
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"Virtual Plastic Surgery Software - VPSS_is1" = Virtual Plastic Surgery Software - VPSS v1.0
"VLC media player" = VLC media player 2.0.3
"WildTangent hp Master Uninstall" = My HP Games
"WinX Free MP4 to WMV Converter_is1" = WinX Free MP4 to WMV Converter 4.1.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Betfred Poker" = Betfred Poker
"Magical Glass" = Magical Glass
"Meine Reitschule" = Meine Reitschule
"Poker 770" = Poker 770
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.12.2012 14:33:35 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0x1010, Anwendungsstartzeit 01cdd0bb8965873c.
 
Error - 02.12.2012 14:35:45 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0x127c, Anwendungsstartzeit 01cdd0bbd66438bc.
 
Error - 02.12.2012 14:35:51 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0xbe8, Anwendungsstartzeit 01cdd0bbdadc535c.
 
Error - 02.12.2012 14:35:56 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0x12f4, Anwendungsstartzeit 01cdd0bbdde351cc.
 
Error - 02.12.2012 14:36:29 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0x14b0, Anwendungsstartzeit 01cdd0bbf183bbcc.
 
Error - 02.12.2012 14:36:37 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0x122c, Anwendungsstartzeit 01cdd0bbf5d42a2c.
 
Error - 02.12.2012 14:36:47 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0x135c, Anwendungsstartzeit 01cdd0bbfbd1fa6c.
 
Error - 02.12.2012 14:37:01 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0x314, Anwendungsstartzeit 01cdd0bc0445acac.
 
Error - 02.12.2012 14:37:09 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_4_402_287.exe, Version
11.4.402.287, Zeitstempel 0x5066dda3, fehlerhaftes Modul ShimEng.dll_unloaded, Version
 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x72274618,
Prozess-ID
 0x10b0, Anwendungsstartzeit 01cdd0bc08e684fc.
 
Error - 02.12.2012 14:39:28 | Computer Name = Adam-PC | Source = Application Hang | ID = 1002
Description = Programm RegCleanPro.exe, Version 6.21.65.2451 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 178c  Anfangszeit: 01cdd0b9192ad30c  Zeitpunkt
 der Beendigung: 7004
 
Error - 03.12.2012 07:10:25 | Computer Name = Adam-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
 konnte nicht gefunden werden.   bei System.IO.__Error.WinIOError(Int32 errorCode,
 String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode mode,
 FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
 FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

   bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
 FileShare share, Int32 bufferSize)     bei System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     bei System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     bei System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
[ System Events ]
Error - 03.12.2012 07:05:39 | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 03.12.2012 07:05:39 | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 03.12.2012 07:08:33 | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 03.12.2012 07:08:33 | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.12.2012 07:08:48 | Computer Name = Adam-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.12.2012 07:08:48 | Computer Name = Adam-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.12.2012 07:08:48 | Computer Name = Adam-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.12.2012 07:08:48 | Computer Name = Adam-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.12.2012 07:09:04 | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 03.12.2012 07:09:04 | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
 


Coming right up, I wasn't finished yet :-)

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 12:48:06
-----------------------------
12:48:06.600    OS Version: Windows 6.0.6002 Service Pack 2
12:48:06.600    Number of processors: 2 586 0x1706
12:48:06.603    ComputerName: ADAM-PC  UserName: Adam
12:48:11.732    Initialize success
12:49:18.672    AVAST engine defs: 12120200
12:49:26.358    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:49:26.364    Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 3
12:49:26.382    Disk 0 MBR read successfully
12:49:26.391    Disk 0 MBR scan
12:49:26.430    Disk 0 unknown MBR code
12:49:26.438    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       465466 MB offset 63
12:49:26.470    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11470 MB offset 953276416
12:49:26.477    Disk 0 scanning sectors +976766976
12:49:26.586    Disk 0 scanning C:\Windows\system32\drivers
12:49:59.566    File: C:\Windows\system32\drivers\tdx.sys  **SUSPICIOUS**
12:50:05.197    Disk 0 trace - called modules:
12:50:05.217    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8abb1698]<<
12:50:05.221    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87543ac8]
12:50:05.562    3 CLASSPNP.SYS[82f968b3] -> nt!IofCallDriver -> [0x8a9b8030]
12:50:05.574    \Driver\00002021[0x8abddc38] -> IRP_MJ_CREATE -> 0x8abb1698
12:50:09.007    AVAST engine scan C:\Windows
12:50:20.375    AVAST engine scan C:\Windows\system32
12:58:21.920    AVAST engine scan C:\Windows\system32\drivers
12:58:50.344    File: C:\Windows\system32\drivers\tdx.sys  **SUSPICIOUS**
12:58:59.838    AVAST engine scan C:\Users\Adam
13:44:43.276    AVAST engine scan C:\ProgramData
13:55:20.064    Scan finished successfully
14:50:34.793    Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
14:50:34.799    The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"
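
A triage pass over the aswMBR log posted above, as an added example that is not part of the original thread or of aswMBR itself: it collects the `**SUSPICIOUS**` file, the unknown-MBR notice and the `>>UNKNOWN<<` module in the disk trace, then checks whether a driver's IRP handler points at that same unknown address. The function and finding names are assumptions made for this example; the sample lines are copied (abridged) from the log in the post.

```python
import re
from dataclasses import dataclass

# Lines copied from the aswMBR.txt in the post above (abridged, not constructed).
SAMPLE_LOG = r"""
12:49:26.382    Disk 0 MBR read successfully
12:49:26.391    Disk 0 MBR scan
12:49:26.430    Disk 0 unknown MBR code
12:49:59.566    File: C:\Windows\system32\drivers\tdx.sys  **SUSPICIOUS**
12:50:05.197    Disk 0 trace - called modules:
12:50:05.217    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8abb1698]<<
12:50:05.221    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87543ac8]
12:50:05.562    3 CLASSPNP.SYS[82f968b3] -> nt!IofCallDriver -> [0x8a9b8030]
12:50:05.574    \Driver\00002021[0x8abddc38] -> IRP_MJ_CREATE -> 0x8abb1698
12:58:50.344    File: C:\Windows\system32\drivers\tdx.sys  **SUSPICIOUS**
13:55:20.064    Scan finished successfully
"""


@dataclass(frozen=True)
class Finding:
    """One item worth a second look (names are this example's own)."""
    kind: str        # suspicious_file | unknown_mbr | unknown_module | irp_into_unknown
    detail: str
    first_seen: str  # timestamp of the first log line that produced it


# "HH:MM:SS.mmm    message"
_TS = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*\S)\s*$")
_SUSP = re.compile(r"^File:\s+(.+?)\s+\*\*SUSPICIOUS\*\*$")
_MBR = re.compile(r"^Disk (\d+) unknown MBR code$")
_UNK = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
_IRP = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def triage(log_text):
    """Return de-duplicated findings in the order they first appear."""
    findings, seen = [], set()
    unknown_addrs = set()   # addresses the trace could not map to a module
    irp_targets = []        # (timestamp, driver, irp, handler address)

    def add(kind, detail, ts):
        key = (kind, detail.lower())
        if key not in seen:          # the same file is reported by both scan passes
            seen.add(key)
            findings.append(Finding(kind, detail, ts))

    for raw in log_text.splitlines():
        m = _TS.match(raw)
        if not m:
            continue                 # header lines, blanks
        ts, msg = m.groups()
        if (s := _SUSP.match(msg)):
            add("suspicious_file", s.group(1), ts)
        elif (b := _MBR.match(msg)):
            # A lead, not a verdict: it only says the boot code is not one
            # the tool recognises.
            add("unknown_mbr", f"disk {b.group(1)}", ts)
        elif (i := _IRP.match(msg)):
            irp_targets.append((ts, i.group(1), i.group(2), int(i.group(3), 16)))
        for u in _UNK.finditer(msg):
            addr = int(u.group(1), 16)
            unknown_addrs.add(addr)
            add("unknown_module", hex(addr), ts)

    # Correlate: a dispatch routine whose target is the unmapped address means
    # disk I/O passes through code that belongs to no loaded module on record.
    for ts, driver, irp, target in irp_targets:
        if target in unknown_addrs:
            add("irp_into_unknown", f"{driver} {irp} -> {hex(target)}", ts)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.first_seen}  {f.kind:<17} {f.detail}")
```
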

 


Hi,

Please attach log files, that keeps the thread easier to read :)

Please read the following instructions carefully. We don't want to "fix" anything here yet, we only want to see a scan report.

Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save the file to your desktop

  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt


Please post the content here in your thread.


Please run TDSSKiller again, choose Cure or Delete for the last two TDX findings, and confirm. Please attach the fix log as well as a fresh scan log from TDSSKiller.


That's enough for me, the thing is gone :)

And on we go:

Please download Combofix from the following download mirror

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


IMPORTANT - Save Combofix to your desktop

  • Please deactivate all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.


Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

simply restart the computer. That should fix the problem.


Did you restart the computer, or did Combofix do it on its own? After the restart the blue window should appear again, then it takes a while again and the log is generated.

Please wait another 10 minutes and then restart it manually.


OK, I tried it again, same thing again, this time I wrote it down:

Combofix says:

You Computer is infected by Rootkit.ZeroAcess! It has inserted itself into the tcp/ip stack.

Then it says that the PC has to be restarted, and then nothing more happens.

What does that mean? Is everything ruined??


OK, delete Combofix from the desktop and download it to the desktop again.

Windows key+R > Combofix /killall > Enter.

Combofix should now run through. Note: there is a space between Combofix and /killall.


Normally not, but try typing this:

"%userprofile%\desktop\Combofix.exe" /Killall

Please remember the one space again.


Is Antivir deactivated when you run Combofix?

If so, please boot into safe mode and run Combofix then. If it still doesn't work after that, we'll switch over and I'll consult the author of the tool.

I'm about to throw the PC out of the window

Stay calm, we'll get this sorted :)


It would have been TOO good to be true... In safe mode the tool starts fine, then again: Rootkit detected, be patient, then: PC must be restarted because of rootkit activity, and then that was it (I waited another 15 minutes...)


Ok.

Open TDSSKiller. Under the scan options you can open an extra window with settings; tick both there. Press Scan. TDSSKiller will restart the computer and scan during boot. Then choose Cure or Delete again if a TDX entry is there. Please attach the log file afterwards.


Then let's approach the whole thing from the outside now:

Please download Farbar Recovery Scan Tool 32-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) and save it to a USB stick.

Connect the USB stick to the infected system

You now need to boot the system into the System Recovery Options.

Via the boot manager

  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.


With Windows CD/DVD


In the recovery options choose Command Prompt

  • Now please type notepad and press Enter.
  • In the text document that opens --> File --> Save As and choose Computer
    The drive letter of your USB stick is shown here.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan


The tool creates a FRST.txt on your USB stick. Please post the content here.


Ok. Please look in the folder C:\Qoobox and tell me which text files are in there. I see remnants of Norton, is that still installed?


Ok, then differently:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
  • The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

    Do not start any other file in this folder without instructions from a helper


See, that was quite easy after all :)

Please download Farbar's MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to your desktop and start the tool.

Tick the following entries:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files

Click Go and post the contents of Result.txt.

Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[s1].txt.

 

 

 

 

 

ESET Online Scanner

Please switch on any external hard drives during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like) and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the eset.jpg button (http://www.eset.com/online-scanner-popup/).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.

  • Tick Yes, I accept the Terms of Use.
  • Press the starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.

When the scan has finished

  • Click esetListThreats.png.
  • Click esetExport.png and save the log file as ESET.txt on the desktop.
  • Click Back and Finish.

Please post the log file here.

Please attach all log files, as well as a fresh OTL log file once all the work is done. Any remaining problems?  :)
