Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can browse the internet but cannot connect to online games [Solved]


  • This topic is locked This topic is locked

#1
Modin

Modin

    Member

  • Member
  • PipPip
  • 45 posts
Hello there,
My Name is Modin and after searching for a solution/a similar problem I ended up here and decided to post my problem here. For a few weeks now, I recieve errors when trying to log onto games like League of Legends, Warcraft III, Diablo III and even G-Arena. The errors always imply that my internet connection would not be working properly or a firewall would block the connection, i can but browse the internet and connect to skype. Yet disableing Windows Firewall did not change anything. I tried all the things suggested by the support of those games(like reseting the pc-clock or reinstalling the game) but it didn't help. Any other PC on the network does not have that problem in any way.
My momentary believe is that something is blocking all the game ports as soon as I try to start a game(I have no actual clue) but I can't say what causes this problem. Anyway, I want to thank you for taking time to look at my issue and hope you can find a solution as I am having so much freetime and can't game ;).
Greeting&Thankz Modin



OTL logfile created on: 10.07.2012 18:56:54 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,87% Memory free
5,09 Gb Paging File | 4,06 Gb Available in Paging File | 79,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 6,88 Gb Free Space | 23,50% Space Free | Partition Type: NTFS
Drive D: | 98,70 Gb Total Space | 3,79 Gb Free Space | 3,84% Space Free | Partition Type: NTFS
Drive E: | 8,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 465,65 Gb Total Space | 279,43 Gb Free Space | 60,01% Space Free | Partition Type: FAT32

Computer Name: MARTIN | User Name: Mörtl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.10 18:56:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.06.24 20:42:01 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- D:\Games\Smite\HiPatchService.exe
PRC - [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- D:\Programme\DAEMON Tools Pro\DTAgent.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010.12.14 17:44:20 | 000,216,456 | ---- | M] (Geek Software GmbH) -- D:\Programme\pdf24\pdf24.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.02.01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- D:\Programme\Winamp\winampa.exe
PRC - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2008.06.25 14:13:48 | 005,625,344 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.05.12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- D:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.30 22:27:40 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.17 20:03:27 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 12:07:29 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.14 00:56:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.14 00:48:36 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_661ee55a\system.drawing.dll
MOD - [2012.06.14 00:48:30 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4759fd05\system.windows.forms.dll
MOD - [2012.06.14 00:48:20 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012.05.16 01:03:28 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.16 01:02:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.16 01:00:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.16 00:58:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.16 00:58:51 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.16 00:53:21 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_381d9d0c\mscorlib.dll
MOD - [2012.05.16 00:53:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_afb934ab\system.xml.dll
MOD - [2012.05.16 00:53:07 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5dbeca5b\system.dll
MOD - [2012.05.16 00:53:03 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.05.16 00:53:02 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- D:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.05.06 17:53:39 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.06 17:53:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.04.25 12:57:36 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.04.25 01:44:53 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010.04.22 15:27:02 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010.04.22 15:27:02 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_de_a53cf5803f4c3827\hpqisrtb.resources.dll
MOD - [2010.04.22 15:27:00 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010.04.22 15:26:59 | 000,294,912 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_de_a53cf5803f4c3827\hpqbakup.resources.dll
MOD - [2010.04.22 15:26:46 | 000,380,928 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2010.04.22 15:26:46 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2010.04.22 15:26:24 | 001,032,192 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010.04.22 15:26:24 | 000,331,776 | ---- | M] () -- c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_de_a53cf5803f4c3827\hpqedit.resources.dll
MOD - [2010.04.22 15:26:23 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010.04.22 15:26:22 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010.04.22 15:26:20 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010.04.22 15:26:17 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010.04.22 15:26:17 | 000,015,360 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010.04.22 15:26:17 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010.04.22 15:26:16 | 000,364,544 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010.04.22 15:26:16 | 000,188,416 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010.04.22 15:26:16 | 000,135,168 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcc2.resources.dll
MOD - [2010.04.22 15:26:16 | 000,122,880 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_de_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2010.04.22 15:26:16 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010.04.22 15:26:16 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010.04.22 15:26:16 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010.04.22 15:26:16 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010.04.22 15:26:16 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010.04.22 15:26:16 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010.04.22 15:26:16 | 000,012,800 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_de_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2010.04.22 15:26:15 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010.04.22 15:24:57 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010.04.22 15:24:57 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010.04.22 15:24:57 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_de_a53cf5803f4c3827\hpqprrsc.resources.dll
MOD - [2010.04.22 15:24:56 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010.04.22 15:24:56 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010.04.22 15:24:56 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010.04.22 15:24:56 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010.04.22 15:24:56 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010.04.22 15:24:56 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010.04.22 15:24:56 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010.04.22 15:24:56 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010.04.22 15:24:56 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010.04.22 15:24:19 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.22 15:24:19 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\system.resources\1.0.5000.0_de_b77a5c561934e089\system.resources.dll
MOD - [2010.04.22 15:23:35 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2008.06.25 14:13:48 | 005,625,344 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2008.04.15 10:07:34 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.01.10 10:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2005.05.11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\pngio.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.06.24 20:42:01 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- D:\Games\Smite\HiPatchService.exe -- (HiPatchService)
SRV - [2012.06.17 20:03:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 15:13:28 | 000,185,856 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.02.24 22:01:00 | 003,432,444 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme\Garena Classic\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\MRTL~1\LOKALE~1\Temp\IBE6E6.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (apteafe9)
DRV - [2012.07.08 19:37:07 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.25 18:09:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.08.30 17:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.01.05 23:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.12.19 13:33:03 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.12.19 13:32:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.12.19 13:32:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 04:50:10 | 000,103,424 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FXX\qcusbser.sys -- (qcusbser)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2008.06.25 18:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://leagueoflegends.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002215853a55
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQC3aLPH5&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.sweeti...g=3.1010006&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweeti...h.asp?src=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\Seekmo@Seekmo.com: C:\Programme\Seekmo\bin\11.0.175.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 [2012.03.20 12:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\Web Assistant\Firefox [2012.06.30 16:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.10 17:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.10 17:42:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 [2012.03.20 12:43:06 | 000,000,000 | ---D | M]

[2010.04.22 16:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Extensions
[2012.06.30 16:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions
[2012.06.30 16:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions
[2010.07.25 10:11:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.30 23:15:27 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2011.03.25 18:35:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 11:47:00 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.10.31 22:03:38 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\battlefieldheroespatcher@ea.com
[2011.05.18 17:52:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\engine@conduit.com
[2012.06.30 16:12:33 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\ffxtlbr@incredibar.com
[2012.06.30 16:07:00 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\OneClickDownload@OneClickDownload.com
[2012.06.30 16:23:27 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\searchplugins\sweetim.xml
[2012.06.30 16:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.07 14:41:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.30 16:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\FFXTLBR@INCREDIBAR.COM
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\ONECLICKDOWNLOAD@ONECLICKDOWNLOAD.COM
[2012.06.30 16:12:29 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAMME\WEB ASSISTANT\FIREFOX
[2012.06.17 20:03:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.17 20:03:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.30 16:17:00 | 000,002,352 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.06.17 20:03:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.17 20:03:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 20:03:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 20:03:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 20:03:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] D:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Six Engine] C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [BitTorrent] "D:\Programme\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] D:\Programme\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Media Finder] "C:\Programme\Media Finder\Media Finder.exe" /opentotray File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\Mörtl\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340790576406 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6293937-AC61-425D-9EAE-F1BF34B1623E}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.22 15:09:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT)
O33 - MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\Shell - "" = AutoRun
O33 - MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\Shell - "" = AutoRun
O33 - MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.10 18:32:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Chromium
[2012.07.10 18:32:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\My Games
[2012.07.10 17:56:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hi-Rez Studios
[2012.07.10 17:56:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Hi-Rez Studios
[2012.07.10 17:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2012.07.10 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\NetSpeedMonitor
[2012.07.10 15:34:42 | 000,000,000 | ---D | C] -- C:\Programme\NetSpeedMonitor
[2012.07.10 10:31:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Avira
[2012.07.10 10:26:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.07.10 10:26:20 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.07.10 10:26:20 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.07.10 10:26:20 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.07.10 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.07.09 09:29:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubisoft
[2012.07.08 21:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\Assassin's Creed Revelations
[2012.07.08 20:47:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PunkBuster
[2012.07.08 20:47:14 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2012.07.08 19:37:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Pro
[2012.07.08 19:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2012.06.30 20:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.06.30 16:17:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Media Finder
[2012.06.30 16:16:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Babylon
[2012.06.30 16:16:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.06.30 16:13:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium
[2012.06.30 16:12:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OptimizerPro
[2012.06.30 16:12:29 | 000,000,000 | ---D | C] -- C:\Programme\Web Assistant
[2012.06.30 16:11:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2012.06.30 16:07:02 | 000,000,000 | ---D | C] -- C:\Programme\Gophoto.it
[2012.06.30 16:05:55 | 000,000,000 | ---D | C] -- C:\Programme\1ClickDownload
[2012.06.26 10:48:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.06.25 12:05:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mörtl\Recent
[2012.06.25 10:21:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Mörtl\PrivacIE
[2012.06.23 12:22:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.06.23 12:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.06.23 12:21:53 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.06.23 12:21:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Oracle
[2012.06.21 22:11:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Plants vs. Zombies
[2012.06.21 14:13:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.06.21 14:13:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Games
[2012.06.21 14:11:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2012.06.21 14:09:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BigFishGamesCache
[2012.06.12 16:41:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\fontconfig
[2012.06.12 16:40:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\.gimp-2.8
[2012.06.12 16:40:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\gegl-0.2
[2012.06.12 16:37:59 | 000,000,000 | ---D | C] -- C:\Programme\GIMP 2
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.10 18:48:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-746137067-839522115-1003UA.job
[2012.07.10 18:39:49 | 000,527,534 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.10 18:39:49 | 000,502,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.10 18:39:49 | 000,105,628 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.10 18:39:49 | 000,088,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.10 18:36:48 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012.07.10 18:35:54 | 000,198,612 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.07.10 18:35:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.10 17:56:13 | 000,000,640 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Smite Closed Beta.lnk
[2012.07.10 17:56:13 | 000,000,631 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.07.10 16:49:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.07.10 15:17:44 | 000,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.10 14:43:38 | 000,045,194 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\room_v3.dat
[2012.07.10 11:41:35 | 000,494,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Alter Verwalter.jpg
[2012.07.10 09:43:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.03 10:21:06 | 000,002,047 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.07.03 02:48:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-746137067-839522115-1003Core.job
[2012.06.30 22:33:42 | 000,000,142 | -H-- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\.~lock.ycyvcxxcyvbvvbvcb.odt#
[2012.06.30 22:31:03 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.06.30 21:00:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012.06.30 18:49:56 | 000,002,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Google Chrome.lnk
[2012.06.30 16:17:05 | 000,000,703 | ---- | M] () -- C:\user.js
[2012.06.27 18:30:59 | 000,561,593 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\bilder papa gebu.odt
[2012.06.27 18:20:22 | 000,260,237 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertel.gif
[2012.06.27 18:19:33 | 000,131,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertl2.GIF
[2012.06.26 19:02:20 | 000,040,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\cqwxleiy.JPG
[2012.06.26 18:56:50 | 000,019,305 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\TS.JPG
[2012.06.25 20:20:17 | 000,003,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\test.JPG
[2012.06.22 15:08:33 | 000,387,410 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\pb.bmp
[2012.06.14 09:32:52 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.12 17:24:53 | 000,318,942 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Besser.bmp
[2012.06.12 17:02:11 | 000,428,740 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Die Fugger_2.odt
[2012.06.11 20:45:52 | 000,011,249 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\hallo2.odt
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.10 17:56:13 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Smite Closed Beta.lnk
[2012.07.10 17:56:13 | 000,000,631 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.07.10 11:41:35 | 000,494,693 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Alter Verwalter.jpg
[2012.06.30 22:33:42 | 000,000,142 | -H-- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\.~lock.ycyvcxxcyvbvvbvcb.odt#
[2012.06.30 22:31:03 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2012.06.30 22:31:03 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.06.30 21:00:26 | 000,001,650 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
[2012.06.30 21:00:26 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk
[2012.06.30 21:00:26 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk
[2012.06.30 16:12:33 | 000,000,703 | ---- | C] () -- C:\user.js
[2012.06.30 10:37:00 | 000,045,194 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\room_v3.dat
[2012.06.27 18:30:58 | 000,561,593 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\bilder papa gebu.odt
[2012.06.27 18:19:28 | 000,131,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertl2.GIF
[2012.06.27 18:14:06 | 000,260,237 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertel.gif
[2012.06.26 19:00:44 | 000,040,430 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\cqwxleiy.JPG
[2012.06.26 18:56:50 | 000,019,305 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\TS.JPG
[2012.06.26 10:49:44 | 000,003,739 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.06.25 20:20:17 | 000,003,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\test.JPG
[2012.06.22 14:18:34 | 000,387,410 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\pb.bmp
[2012.06.12 17:02:11 | 000,428,740 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Die Fugger_2.odt
[2012.06.12 16:40:07 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GIMP 2.lnk
[2012.06.12 16:30:43 | 000,318,942 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Besser.bmp
[2012.06.11 20:45:52 | 000,011,249 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\hallo2.odt
[2012.05.17 23:03:22 | 000,087,352 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.15 21:05:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.31 04:52:14 | 000,179,814 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.03.31 04:52:14 | 000,179,814 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1993962763-746137067-839522115-1003-0.dat
[2012.02.11 22:37:14 | 000,000,854 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2011.05.14 08:52:58 | 000,030,253 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011.01.24 21:06:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.01.21 09:32:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2011.01.21 09:32:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2011.01.12 13:16:57 | 000,001,206 | ---- | C] () -- C:\WINDOWS\DISNEY.INI
[2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.10.31 22:43:09 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PnkBstrK.sys
[2010.10.31 22:42:41 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010.10.18 19:43:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.10.18 19:43:00 | 000,042,112 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.10.10 19:00:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010.09.22 12:12:49 | 000,003,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PData.MMM
[2010.09.22 12:12:49 | 000,003,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PData.MM1
[2010.08.22 09:59:20 | 000,000,037 | ---- | C] () -- C:\WINDOWS\mpegtoiPodconverter.ini
[2010.08.22 09:58:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysMPEGtoiPod.dat
[2010.08.08 00:42:56 | 000,029,440 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.22 17:26:10 | 000,123,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 15:37:07 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== LOP Check ==========

[2010.08.25 06:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2012.06.30 16:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.05.13 00:47:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2010.05.06 17:59:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bentley
[2012.06.30 16:47:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2010.12.19 13:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.12.11 22:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.07.08 20:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2011.05.11 14:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.04.28 17:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2012.07.10 17:56:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hi-Rez Studios
[2012.01.07 18:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2012.06.30 16:28:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2010.07.09 19:45:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2012.06.30 16:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OptimizerPro
[2012.06.30 16:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium
[2011.02.28 20:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2010.08.25 06:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SeekmoSA
[2012.06.21 15:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.07.08 21:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2010.08.19 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.05.11 13:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.07.09 18:49:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0AB34A1C-91C1-45BB-8B32-A0746A30DC96}
[2010.06.22 14:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.09 15:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}
[2011.07.14 13:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\.minecraft
[2011.06.15 16:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Ahnenblatt
[2010.09.22 12:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\AUTOSICH
[2012.06.30 16:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Babylon
[2010.05.06 17:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Bentley
[2012.06.25 12:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Lite
[2012.07.08 20:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Pro
[2012.05.23 11:19:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DVDVideoSoft
[2012.05.23 11:19:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.06.12 11:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Facebook
[2011.05.31 15:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\GenJ3
[2010.12.16 12:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\GetRightToGo
[2011.04.28 14:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\gtk-2.0
[2011.05.19 21:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\ICQ
[2011.08.24 19:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\id Software
[2010.06.30 00:42:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\LolClient
[2012.05.24 13:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\LolClient2
[2012.06.30 16:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Media Finder
[2012.07.10 19:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\NetSpeedMonitor
[2011.02.14 17:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Notepad++
[2011.05.15 00:29:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Octoshape
[2010.04.25 12:58:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\OpenOffice.org
[2012.06.23 12:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Oracle
[2010.09.04 21:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PDF Software
[2011.10.09 18:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PriceGong
[2012.07.08 20:47:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PunkBuster
[2010.10.18 19:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Samsung
[2012.05.14 10:28:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\ScummVM
[2010.08.25 06:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Seekmo
[2012.06.25 12:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\TS3Client
[2010.09.15 20:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Ubisoft
[2012.01.07 18:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Unity
[2010.08.25 06:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\WeatherDPA
[2012.07.10 18:36:48 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B1FBBD09

< End of report >




Not sure if I should also post this extra file that was created during the process.




OTL Extras logfile created on: 10.07.2012 18:56:54 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,87% Memory free
5,09 Gb Paging File | 4,06 Gb Available in Paging File | 79,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 6,88 Gb Free Space | 23,50% Space Free | Partition Type: NTFS
Drive D: | 98,70 Gb Total Space | 3,79 Gb Free Space | 3,84% Space Free | Partition Type: NTFS
Drive E: | 8,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 465,65 Gb Total Space | 279,43 Gb Free Space | 60,01% Space Free | Partition Type: FAT32

Computer Name: MARTIN | User Name: Mörtl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57074:TCP" = 57074:TCP:*:Enabled:Pando Media Booster
"57074:UDP" = 57074:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57074:TCP" = 57074:TCP:*:Enabled:Pando Media Booster
"57074:UDP" = 57074:UDP:*:Enabled:Pando Media Booster
"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1403:UDP" = 1403:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"6112:TCP" = 6112:TCP:*:Enabled:Warcraft
"8088:TCP" = 8088:TCP:*:Enabled:lol
"8399:TCP" = 8399:TCP:*:Enabled:afdsdf
"8400:TCP" = 8400:TCP:*:Enabled:sadfasd
"5001:UDP" = 5001:UDP:*:Enabled:fdsf
"5002:TCP" = 5002:TCP:*:Enabled:fsadfsd
"5003:TCP" = 5003:TCP:*:Enabled:lol2
"1119:TCP" = 1119:TCP:*:Enabled:tst
"4747:TCP" = 4747:TCP:*:Enabled:mws
"4747:UDP" = 4747:UDP:*:Enabled:nws
"1044:TCP" = 1044:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Programme\ICQ7.0\ICQ.exe" = D:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"D:\Programme\ICQ7.0\aolload.exe" = D:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\ICQ7.0\ICQ.exe" = D:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"D:\Programme\ICQ7.0\aolload.exe" = D:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"D:\Games\justcause\Steam.exe" = D:\Games\justcause\Steam.exe:*:Enabled:Steam
"D:\Games\justcause\SteamApps\common\just cause 2 demo\JustCause2.exe" = D:\Games\justcause\SteamApps\common\just cause 2 demo\JustCause2.exe:*:Enabled:Just Cause 2 Demo
"D:\Games\League of Legends\Air\LolClient.exe" = D:\Games\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Games\League of Legends\Game\League of Legends.exe" = D:\Games\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Programme\mIRC\mirc.exe" = D:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\aon\aonController\aonController.exe" = C:\Programme\aon\aonController\aonController.exe:*:Enabled:Controller -- (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
"D:\Games\Siedler III\s3.exe" = D:\Games\Siedler III\s3.exe:*:Enabled:Siedler3
"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"D:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe" = D:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II
"D:\Games\Assassin's Creed II\AssassinsCreedII.exe" = D:\Games\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update
"D:\Games\Assassin's Creed II\UPlayBrowser.exe" = D:\Games\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"D:\Programme\VideoLAN\VLC\vlc.exe" = D:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"D:\Games\Stronghold1\Stronghold.exe" = D:\Games\Stronghold1\Stronghold.exe:*:Enabled:Stronghold
"D:\Games\UT\System\UnrealTournament.exe" = D:\Games\UT\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- ()
"D:\Games\Counter-Strike 1.6\hl.exe" = D:\Games\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Games\Metin2\Metin2\metin2client.bin" = D:\Games\Metin2\Metin2\metin2client.bin:*:Enabled:metin2client
"D:\Programme\LOLReplay\LOLReplay.exe" = D:\Programme\LOLReplay\LOLReplay.exe:*:Enabled:LOL Replay
"D:\Games\World of Warcraft\Launcher.exe" = D:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"D:\Games\World of Warcraft\Launcher.patch.exe" = D:\Games\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"D:\Games\World of Warcraft\BackgroundDownloader.exe" = D:\Games\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"D:\Games\Warcraft III\Warcraft III.exe" = D:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"D:\Games\Warcraft III\yawle.exe" = D:\Games\Warcraft III\yawle.exe:*:Enabled:yawle
"D:\Games\Warcraft III\Frozen Throne.exe" = D:\Games\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne
"D:\Programme\Garena Classic\Garena.exe" = D:\Programme\Garena Classic\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\vghd\bin\Virtuagirl_Downloader.exe" = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\vghd\bin\Virtuagirl_Downloader.exe:*:Enabled:DLManager
"D:\Games\OpenLieroX\OpenLieroX.exe" = D:\Games\OpenLieroX\OpenLieroX.exe:*:Enabled:OpenLieroX -- ()
"D:\Games\AOE 2\age2_x1.exe" = D:\Games\AOE 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\Downloads\Diablo-III-8370-deDE-Installer-downloader.exe" = D:\Downloads\Diablo-III-8370-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader
"D:\Downloads\Diablo-III-8370-deDE-Installer-downloader(1).exe" = D:\Downloads\Diablo-III-8370-deDE-Installer-downloader(1).exe:*:Enabled:Blizzard Downloader
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Agent
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.954\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.954\Agent.exe:*:Enabled:Blizzard Agent
"D:\Downloads\Diablo-III-8370-enGB-Installer-downloader.exe" = D:\Downloads\Diablo-III-8370-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader
"D:\Games\Diablo III\Diablo III\Diablo III.exe" = D:\Games\Diablo III\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.976\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.976\Agent.exe:*:Enabled:Blizzard Agent
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.998\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.998\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1040\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1040\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"D:\Games\LoL\League of Legends\lol.launcher.exe" = D:\Games\LoL\League of Legends\lol.launcher.exe:*:Enabled:League of Legends spielen
"D:\Games\League of Legends\lol.launcher.admin.exe" = D:\Games\League of Legends\lol.launcher.admin.exe:*:Enabled:lol.launcher.admin -- ()
"C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe" = C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe:*:Enabled:Internet-Hearts -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"D:\Games\acrev\ACRSP.exe" = D:\Games\acrev\ACRSP.exe:*:Enabled:Assassin's Creed Revelations -- ()
"D:\Games\acrev\ACRMP.exe" = D:\Games\acrev\ACRMP.exe:*:Enabled:Assassin's Creed Revelations Multiplayer -- ()
"D:\Games\acrev\AssassinsCreedRevelations.exe" = D:\Games\acrev\AssassinsCreedRevelations.exe:*:Enabled:Assassin's Creed Revelations Update -- (Ubisoft)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1C30EE39-7644-49CC-9E04-D2D2009D7FBD}" = BVRP_CUE
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.439
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57F5CC1D-2E00-4008-8CEC-EFE61B2E58AE}" = Visual Basic for Applications ® Core - German
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{699BAC7F-DC10-4709-97D8-45379301BBE7}" = NVIDIA PhysX v8.08.01
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB1EBA58-4829-4AE5-A9C8-7170E7BA7005}" = Emu64 V4.30
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"{FBE371D7-5430-4485-B0EC-529BF08C10CA}" = Bentley MicroStation V8i 08.11.05.17
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aonUpdate" = aonUpdate
"Avira AntiVir Desktop" = Avira Free Antivirus
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"Controller" = Controller
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GameSpy Arcade" = GameSpy Arcade
"Garena Classic 2011" = Garena Classic 2011
"GenealogyJ 6592" = GenealogyJ 6592
"GIMP-2_is1" = GIMP 2.8.0
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"Little Fighter 2" = Little Fighter 2 version 2.0
"Magic Workstation_is1" = Magic Workstation 0.94f
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"Replay Explorer_is1" = Replay Explorer 2
"S3" = Die Siedler III Gold Edition
"ST6UNST #1" = Quick64 v1.0 BETA (Full)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"UnZip Me" = UnZip Me
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.07.2012 03:28:18 | Computer Name = MARTIN | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 02.07.2012 02:03:44 | Computer Name = MARTIN | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene
Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information
ist DWORD 2.

Error - 02.07.2012 02:03:44 | Computer Name = MARTIN | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 02.07.2012 12:33:46 | Computer Name = MARTIN | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 08.07.2012 13:50:17 | Computer Name = MARTIN | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 10.07.2012 09:52:00 | Computer Name = MARTIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10.07.2012 10:20:50 | Computer Name = MARTIN | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706.No valid source could be found
for product DocumentViewer. The Windows Installer cannot continue.

Error - 10.07.2012 10:21:18 | Computer Name = MARTIN | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706.No valid source could be found
for product DocumentViewer. The Windows Installer cannot continue.

Error - 10.07.2012 10:28:20 | Computer Name = MARTIN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wwp.exe, Version 1.0.0.0, fehlgeschlagenes
Modul wwp.exe, Version 1.0.0.0, Fehleradresse 0x000cbac9.

Error - 10.07.2012 12:37:38 | Computer Name = MARTIN | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706.No valid source could be found
for product DocumentViewer. The Windows Installer cannot continue.

[ System Events ]
Error - 04.06.2012 01:56:44 | Computer Name = MARTIN | Source = Print | ID = 54
Description = Dokument dritte Prüfungsarbeit 1148963 war beschädigt und wurde gelöscht.
Der zugewiesene Treiber ist: HP PSC 1400 series.

Error - 25.06.2012 09:07:27 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7034
Description = Dienst "MSCamSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 30.06.2012 11:20:38 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Akamai
NetSession Interface.

Error - 30.06.2012 11:20:38 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira
AntiVir Personal - Free Antivirus Guard.

Error - 30.06.2012 11:20:38 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Personal - Free Antivirus Guard" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053

Error - 30.06.2012 11:20:38 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst FsUsbExService.

Error - 30.06.2012 11:20:38 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FsUsbExService" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 10.07.2012 09:04:22 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 10.07.2012 09:08:21 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7034
Description = Dienst "FsUsbExService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 10.07.2012 09:08:43 | Computer Name = MARTIN | Source = Service Control Manager | ID = 7034
Description = Dienst "MSCamSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.


< End of report >
  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, Modin! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.





P2P Warning!:

IMPORTANT I have noticed that there are signs of BitTorrentBar P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrentBar however that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.






Step 1.

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.


  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\MRTL~1\LOKALE~1\Temp\IBE6E6.tmp -- (GarenaPEngine)
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002215853a55
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQC3aLPH5&i=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&crg=3.1010006&q="
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\Seekmo@Seekmo.com: C:\Programme\Seekmo\bin\11.0.175.0\firefox\extensions
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 [2012.03.20 12:43:06 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 [2012.03.20 12:43:06 | 000,000,000 | ---D | M]
    [2012.05.30 23:15:27 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
    [2012.05.21 11:47:00 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
    [2011.05.18 17:52:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\engine@conduit.com
    [2012.06.30 16:12:33 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\ffxtlbr@incredibar.com
    [2012.06.30 16:23:27 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\searchplugins\sweetim.xml
    [2012.06.30 16:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
    File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
    File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
    File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\FFXTLBR@INCREDIBAR.COM
    File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\ONECLICKDOWNLOAD@ONECLICKDOWNLOAD.COM
    [2012.06.30 16:17:00 | 000,002,352 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [BitTorrent] "D:\Programme\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
    O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT)
    O33 - MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\Shell - "" = AutoRun
    O33 - MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\Shell\AutoRun\command - "" = J:\Setup.exe
    O33 - MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\Shell - "" = AutoRun
    O33 - MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\Shell\AutoRun\command - "" = J:\Setup.exe
    [2012.06.30 16:16:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Babylon
    [2012.06.30 16:16:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
    [2010.08.25 06:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SeekmoSA
    [2012.06.30 16:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Babylon
    [2011.10.09 18:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PriceGong
    [2010.08.25 06:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Seekmo
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 3.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt
  • Post the log


Step 4.

Please post:

OTL fix log
OTL.txt
aswMBR log


Please give me an update on how the computer is performing.
  • 0

#3
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Thank you very much for your reply and your help. As far as I can tell the problem should have vanished. Here are the Logs and again thank you very much kind sir:

OTL Fix:

All processes killed
========== OTL ==========
Error: No service named GarenaPEngine was found to stop!
Service\Driver key GarenaPEngine not found.
File C:\DOKUME~1\MRTL~1\LOKALE~1\Temp\IBE6E6.tmp not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: "http://search.sweeti...g=3.1010006&q=" removed from keyword.URL
Prefs.js: "http://search.sweeti...h.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1\ not found.
File C:\WINDOWS\system32\npDeployJava1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1\ not found.
File C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\Seekmo@Seekmo.com: C:\Programme\Seekmo\bin\11.0.175.0\firefox\extensions not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 not found.
Folder C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
Folder C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Folder C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\engine@conduit.com\ not found.
Folder C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\ffxtlbr@incredibar.com\ not found.
File C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\searchplugins\sweetim.xml not found.
Folder C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com\ not found.
File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
File C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
File C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dc32e40-c925-11e1-bc97-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dc32e40-c925-11e1-bc97-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dc32e40-c925-11e1-bc97-806d6172696f}\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0e554d-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0e554d-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0e554d-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0e554d-fc6b-11df-a641-002215853a55}\ not found.
File J:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0e554f-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0e554f-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0e554f-fc6b-11df-a641-002215853a55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0e554f-fc6b-11df-a641-002215853a55}\ not found.
File J:\Setup.exe not found.
Folder C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Babylon\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SeekmoSA\ not found.
Folder C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Babylon\ not found.
Folder C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PriceGong\ not found.
Folder C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Seekmo\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 77351 bytes

User: Mörtl
->Temp folder emptied: 288054990 bytes
->Temporary Internet Files folder emptied: 50690323 bytes
->Java cache emptied: 67151369 bytes
->FireFox cache emptied: 62875706 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3162393 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 1492498 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138908 bytes
%systemroot%\System32 .tmp files removed: 3087 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12887915 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 465,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07142012_195022

Files\Folders moved on Reboot...
File\Folder E:\autorun.exe not found!

PendingFileRenameOperations files...
File E:\autorun.exe not found!

Registry entries deleted on Reboot...

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 19:56:16
-----------------------------
19:56:16.453 OS Version: Windows 5.1.2600 Service Pack 3
19:56:16.453 Number of processors: 4 586 0xF0B
19:56:16.468 ComputerName: MARTIN UserName: Mörtl
19:56:16.718 Initialize success
19:56:32.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
19:56:32.203 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305245MB BusType: 3
19:56:32.218 Disk 0 MBR read successfully
19:56:32.218 Disk 0 MBR scan
19:56:32.218 Disk 0 Windows XP default MBR code
19:56:32.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
19:56:32.218 Disk 0 Partition - 00 0F Extended LBA 101065 MB offset 61432560
19:56:32.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 101065 MB offset 61432623
19:56:32.234 Disk 0 scanning sectors +268414020
19:56:32.296 Disk 0 scanning C:\WINDOWS\system32\drivers
19:56:38.718 Service scanning
19:56:44.968 Modules scanning
19:56:50.390 Disk 0 trace - called modules:
19:56:50.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
19:56:50.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0bdab8]
19:56:50.406 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8b11f9e8]
19:56:50.406 5 ACPI.sys[b9e63620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8b0c2940]
19:56:50.406 Scan finished successfully
19:57:27.546 Disk 0 MBR has been saved successfully to "D:\Family\Martin\MBR.dat"
19:57:27.546 The log file has been saved successfully to "D:\Family\Martin\aswMBR log.txt"


OTL log:

OTL logfile created on: 14.07.2012 19:59:04 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 73,35% Memory free
5,09 Gb Paging File | 4,30 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 7,53 Gb Free Space | 25,70% Space Free | Partition Type: NTFS
Drive D: | 98,70 Gb Total Space | 13,97 Gb Free Space | 14,16% Space Free | Partition Type: NTFS
Drive E: | 8,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 465,65 Gb Total Space | 279,43 Gb Free Space | 60,01% Space Free | Partition Type: FAT32

Computer Name: MARTIN | User Name: Mörtl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.14 19:34:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- D:\Games\Smite\HiPatchService.exe
PRC - [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- D:\Programme\DAEMON Tools Pro\DTAgent.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010.12.14 17:44:20 | 000,216,456 | ---- | M] (Geek Software GmbH) -- D:\Programme\pdf24\pdf24.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.02.01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- D:\Programme\Winamp\winampa.exe
PRC - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2008.06.25 14:13:48 | 005,625,344 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.05.12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- D:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.30 22:27:40 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.17 20:03:27 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 12:07:29 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.14 00:56:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.14 00:48:36 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_661ee55a\system.drawing.dll
MOD - [2012.06.14 00:48:30 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4759fd05\system.windows.forms.dll
MOD - [2012.06.14 00:48:20 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012.05.16 01:03:28 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.16 01:02:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.16 01:00:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.16 00:58:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.16 00:58:51 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.16 00:53:21 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_381d9d0c\mscorlib.dll
MOD - [2012.05.16 00:53:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_afb934ab\system.xml.dll
MOD - [2012.05.16 00:53:07 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5dbeca5b\system.dll
MOD - [2012.05.16 00:53:03 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.05.16 00:53:02 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- D:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.05.06 17:53:39 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.06 17:53:39 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.05.06 17:53:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.04.25 12:57:36 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.04.25 01:44:53 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010.04.22 15:27:02 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010.04.22 15:27:02 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_de_a53cf5803f4c3827\hpqisrtb.resources.dll
MOD - [2010.04.22 15:27:00 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010.04.22 15:26:59 | 000,294,912 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_de_a53cf5803f4c3827\hpqbakup.resources.dll
MOD - [2010.04.22 15:26:46 | 000,380,928 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2010.04.22 15:26:46 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2010.04.22 15:26:24 | 001,032,192 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010.04.22 15:26:24 | 000,331,776 | ---- | M] () -- c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_de_a53cf5803f4c3827\hpqedit.resources.dll
MOD - [2010.04.22 15:26:23 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010.04.22 15:26:22 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010.04.22 15:26:20 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010.04.22 15:26:17 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010.04.22 15:26:17 | 000,015,360 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010.04.22 15:26:17 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010.04.22 15:26:16 | 000,364,544 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010.04.22 15:26:16 | 000,188,416 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010.04.22 15:26:16 | 000,135,168 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcc2.resources.dll
MOD - [2010.04.22 15:26:16 | 000,122,880 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_de_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2010.04.22 15:26:16 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010.04.22 15:26:16 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010.04.22 15:26:16 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010.04.22 15:26:16 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010.04.22 15:26:16 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010.04.22 15:26:16 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010.04.22 15:26:16 | 000,012,800 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_de_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2010.04.22 15:26:15 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010.04.22 15:24:57 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010.04.22 15:24:57 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010.04.22 15:24:57 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_de_a53cf5803f4c3827\hpqprrsc.resources.dll
MOD - [2010.04.22 15:24:56 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010.04.22 15:24:56 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010.04.22 15:24:56 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010.04.22 15:24:56 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010.04.22 15:24:56 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010.04.22 15:24:56 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010.04.22 15:24:56 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010.04.22 15:24:56 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010.04.22 15:24:56 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010.04.22 15:24:19 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.22 15:24:19 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\system.resources\1.0.5000.0_de_b77a5c561934e089\system.resources.dll
MOD - [2010.04.22 15:23:35 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2008.06.25 14:13:48 | 005,625,344 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2008.04.15 10:07:34 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.01.10 10:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2005.05.11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\pngio.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- D:\Games\Smite\HiPatchService.exe -- (HiPatchService)
SRV - [2012.06.17 20:03:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 15:13:28 | 000,185,856 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.02.24 22:01:00 | 003,432,444 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme\Garena Classic\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\MRTL~1\LOKALE~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akmafcsz)
DRV - [2012.07.08 19:37:07 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.25 18:09:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.08.30 17:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.01.05 23:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.12.19 13:33:03 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.12.19 13:32:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.12.19 13:32:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 04:50:10 | 000,103,424 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FXX\qcusbser.sys -- (qcusbser)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2008.06.25 18:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1993962763-746137067-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://leagueoflegends.com/
IE - HKU\S-1-5-21-1993962763-746137067-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1993962763-746137067-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1993962763-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.sweeti...h.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\Seekmo@Seekmo.com: C:\Programme\Seekmo\bin\11.0.175.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 [2012.03.20 12:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\Web Assistant\Firefox [2012.06.30 16:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.10 17:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.10 17:42:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 [2012.03.20 12:43:06 | 000,000,000 | ---D | M]

[2010.04.22 16:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Extensions
[2012.06.30 16:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions
[2012.07.14 19:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions
[2010.07.25 10:11:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.25 18:35:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.31 22:03:38 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\battlefieldheroespatcher@ea.com
[2012.06.30 16:07:00 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\OneClickDownload@OneClickDownload.com
[2012.07.14 19:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.07 14:41:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\ONECLICKDOWNLOAD@ONECLICKDOWNLOAD.COM
[2012.06.30 16:12:29 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAMME\WEB ASSISTANT\FIREFOX
[2012.06.17 20:03:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.17 20:03:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 20:03:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.17 20:03:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 20:03:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 20:03:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 20:03:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.babylo...000002215853a55
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.07.14 19:50:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] D:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Six Engine] C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1993962763-746137067-839522115-1003..\Run: [Akamai NetSession Interface] "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1993962763-746137067-839522115-1003..\Run: [DAEMON Tools Pro Agent] D:\Programme\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1993962763-746137067-839522115-1003..\Run: [Media Finder] "C:\Programme\Media Finder\Media Finder.exe" /opentotray File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\Mörtl\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-746137067-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1993962763-746137067-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340790576406 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6293937-AC61-425D-9EAE-F1BF34B1623E}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.22 15:09:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.07.12 09:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Flyff
[2012.07.10 19:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.07.10 18:32:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Chromium
[2012.07.10 18:32:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\My Games
[2012.07.10 17:56:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hi-Rez Studios
[2012.07.10 17:56:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Hi-Rez Studios
[2012.07.10 17:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2012.07.10 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\NetSpeedMonitor
[2012.07.10 15:34:42 | 000,000,000 | ---D | C] -- C:\Programme\NetSpeedMonitor
[2012.07.10 10:31:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Avira
[2012.07.10 10:26:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.07.10 10:26:20 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.07.10 10:26:20 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.07.10 10:26:20 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.07.10 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.07.09 09:29:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubisoft
[2012.07.08 21:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\Assassin's Creed Revelations
[2012.07.08 20:47:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PunkBuster
[2012.07.08 20:47:14 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2012.07.08 19:37:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Pro
[2012.07.08 19:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2012.06.30 20:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.06.30 16:17:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Media Finder
[2012.06.30 16:13:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium
[2012.06.30 16:12:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OptimizerPro
[2012.06.30 16:12:29 | 000,000,000 | ---D | C] -- C:\Programme\Web Assistant
[2012.06.30 16:11:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2012.06.30 16:07:02 | 000,000,000 | ---D | C] -- C:\Programme\Gophoto.it
[2012.06.30 16:05:55 | 000,000,000 | ---D | C] -- C:\Programme\1ClickDownload
[2012.06.26 10:48:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.06.25 12:05:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mörtl\Recent
[2012.06.25 10:21:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Mörtl\PrivacIE
[2012.06.23 12:22:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.06.23 12:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.06.23 12:21:53 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.06.23 12:21:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Oracle
[2012.06.21 22:11:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Plants vs. Zombies
[2012.06.21 14:13:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.06.21 14:13:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Games
[2012.06.21 14:11:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2012.06.21 14:09:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BigFishGamesCache

========== Files - Modified Within 30 Days ==========

[2012.07.14 19:57:48 | 000,527,534 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.14 19:57:48 | 000,502,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.14 19:57:48 | 000,105,628 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.14 19:57:48 | 000,088,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.14 19:54:31 | 000,198,612 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.07.14 19:54:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012.07.14 19:53:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.14 19:50:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.07.14 19:48:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-746137067-839522115-1003UA.job
[2012.07.14 07:28:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.13 13:14:42 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\HRUPPROG.DIE.NOW
[2012.07.13 02:48:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-746137067-839522115-1003Core.job
[2012.07.12 19:49:57 | 000,002,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Google Chrome.lnk
[2012.07.12 09:16:02 | 000,123,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.12 09:03:58 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 23:30:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.10 17:56:13 | 000,000,640 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Smite Closed Beta.lnk
[2012.07.10 17:56:13 | 000,000,631 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.07.10 16:49:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.07.10 14:43:38 | 000,045,194 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\room_v3.dat
[2012.07.10 11:41:35 | 000,494,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Alter Verwalter.jpg
[2012.07.03 10:21:06 | 000,002,047 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.06.30 22:33:42 | 000,000,142 | -H-- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\.~lock.ycyvcxxcyvbvvbvcb.odt#
[2012.06.30 22:31:03 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.06.30 21:00:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012.06.30 16:17:05 | 000,000,703 | ---- | M] () -- C:\user.js
[2012.06.27 18:30:59 | 000,561,593 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\bilder papa gebu.odt
[2012.06.27 18:20:22 | 000,260,237 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertel.gif
[2012.06.27 18:19:33 | 000,131,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertl2.GIF
[2012.06.26 19:02:20 | 000,040,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\cqwxleiy.JPG
[2012.06.26 18:56:50 | 000,019,305 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\TS.JPG
[2012.06.25 20:20:17 | 000,003,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\test.JPG
[2012.06.22 15:08:33 | 000,387,410 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\pb.bmp

========== Files Created - No Company Name ==========

[2012.07.13 13:14:42 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\HRUPPROG.DIE.NOW
[2012.07.10 17:56:13 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Smite Closed Beta.lnk
[2012.07.10 17:56:13 | 000,000,631 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.07.10 11:41:35 | 000,494,693 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Alter Verwalter.jpg
[2012.06.30 22:33:42 | 000,000,142 | -H-- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\.~lock.ycyvcxxcyvbvvbvcb.odt#
[2012.06.30 22:31:03 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2012.06.30 22:31:03 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.06.30 21:00:26 | 000,001,650 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
[2012.06.30 21:00:26 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk
[2012.06.30 21:00:26 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk
[2012.06.30 16:12:33 | 000,000,703 | ---- | C] () -- C:\user.js
[2012.06.30 10:37:00 | 000,045,194 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\room_v3.dat
[2012.06.27 18:30:58 | 000,561,593 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\bilder papa gebu.odt
[2012.06.27 18:19:28 | 000,131,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertl2.GIF
[2012.06.27 18:14:06 | 000,260,237 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertel.gif
[2012.06.26 19:00:44 | 000,040,430 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\cqwxleiy.JPG
[2012.06.26 18:56:50 | 000,019,305 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\TS.JPG
[2012.06.26 10:49:44 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.06.25 20:20:17 | 000,003,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\test.JPG
[2012.06.22 14:18:34 | 000,387,410 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\pb.bmp
[2012.05.17 23:03:22 | 000,087,352 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.15 21:05:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.31 04:52:14 | 000,179,814 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.03.31 04:52:14 | 000,179,814 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1993962763-746137067-839522115-1003-0.dat
[2012.02.11 22:37:14 | 000,000,854 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2011.05.14 08:52:58 | 000,030,253 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011.01.24 21:06:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.01.21 09:32:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2011.01.21 09:32:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2011.01.12 13:16:57 | 000,001,206 | ---- | C] () -- C:\WINDOWS\DISNEY.INI
[2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.10.31 22:43:09 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PnkBstrK.sys
[2010.10.31 22:42:41 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010.10.18 19:43:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.10.18 19:43:00 | 000,042,112 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.10.10 19:00:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010.09.22 12:12:49 | 000,003,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PData.MMM
[2010.09.22 12:12:49 | 000,003,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PData.MM1
[2010.08.22 09:59:20 | 000,000,037 | ---- | C] () -- C:\WINDOWS\mpegtoiPodconverter.ini
[2010.08.22 09:58:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysMPEGtoiPod.dat
[2010.08.08 00:42:56 | 000,029,440 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.22 17:26:10 | 000,123,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 15:37:07 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== LOP Check ==========

[2010.08.25 06:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2012.05.13 00:47:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2010.05.06 17:59:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bentley
[2012.06.30 16:47:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2010.12.19 13:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.12.11 22:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.07.08 20:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2011.05.11 14:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.04.28 17:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2012.07.10 17:56:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hi-Rez Studios
[2012.01.07 18:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2012.06.30 16:28:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2010.07.09 19:45:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2012.06.30 16:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OptimizerPro
[2012.06.30 16:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium
[2011.02.28 20:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2012.06.21 15:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.07.08 21:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2010.08.19 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.05.11 13:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.07.09 18:49:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0AB34A1C-91C1-45BB-8B32-A0746A30DC96}
[2010.06.22 14:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.09 15:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}
[2010.09.30 07:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PDF Software
[2011.07.14 13:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\.minecraft
[2011.06.15 16:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Ahnenblatt
[2010.09.22 12:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\AUTOSICH
[2010.05.06 17:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Bentley
[2012.06.25 12:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Lite
[2012.07.08 20:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Pro
[2012.05.23 11:19:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DVDVideoSoft
[2012.05.23 11:19:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.06.12 11:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Facebook
[2011.05.31 15:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\GenJ3
[2010.12.16 12:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\GetRightToGo
[2011.04.28 14:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\gtk-2.0
[2011.05.19 21:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\ICQ
[2011.08.24 19:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\id Software
[2010.06.30 00:42:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\LolClient
[2012.05.24 13:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\LolClient2
[2012.06.30 16:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Media Finder
[2012.07.14 20:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\NetSpeedMonitor
[2011.02.14 17:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Notepad++
[2011.05.15 00:29:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Octoshape
[2010.04.25 12:58:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\OpenOffice.org
[2012.06.23 12:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Oracle
[2010.09.04 21:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PDF Software
[2012.07.08 20:47:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PunkBuster
[2010.10.18 19:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Samsung
[2012.05.14 10:28:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\ScummVM
[2012.06.25 12:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\TS3Client
[2010.09.15 20:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Ubisoft
[2012.01.07 18:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Unity
[2010.08.25 06:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\WeatherDPA
[2012.07.14 19:54:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2001.08.23 14:00:00 | 000,007,111 | ---- | M] () MD5=FDA6D81BABFB01A4504B66080EADF975 -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.ASFX >
[2012.04.04 07:53:56 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Programme\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.ASFX22 >
[2011.06.06 12:55:32 | 000,000,627 | R--- | M] () MD5=C25DC0D9A0098C3677CBC8AACADA1472 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\services.asfx22

< MD5 for: SERVICES.CFG >
[2012.04.04 07:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Programme\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011.06.06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008.04.14 04:22:59 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=4BB6A83640F1D1792AD21CE767B621C6 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 04:22:59 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=4BB6A83640F1D1792AD21CE767B621C6 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009.02.09 12:04:47 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=65F6B774819BD727358157CEDEA67B8E -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 11:48:30 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A07CA23EA361A01E627D911CF139B950 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- C:\WINDOWS\system32\services.exe
[2004.08.04 00:58:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDB6B81761BD60F32F740BBC40AFB676 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009.02.09 13:14:22 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=F0A7D59AF279326528715B206669B86C -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

< MD5 for: SERVICES.EXE.000 >
[2004.08.04 00:58:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDB6B81761BD60F32F740BBC40AFB676 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe.000

< MD5 for: SERVICES.MSC >
[2001.08.23 14:00:00 | 000,033,068 | ---- | M] () MD5=D5B861FD9DC5A781FEB11F12C6E87238 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2010.02.01 22:59:00 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Programme\OpenOffice.org 3\URE\misc\services.rdb
[2010.02.01 22:52:28 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Programme\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\system32\svchost.exe
[2004.08.04 00:58:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=65A819B121EB6FDAB4400EA42BDFFE64 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = System32\DRIVERS\netbt.sys -- [2008.04.13 21:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios über TCP/IP
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios über TCP/IP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{810565A8-DF1A-4626-B9E0-11C8947287AD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{88E15D07-852F-46C8-9A1F-1A81E3097031}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E15280EC-3202-4CA3-9781-64255DAD1B56}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E6293937-AC61-425D-9EAE-F1BF34B1623E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = System32\DRIVERS\netbios.sys -- [2008.04.13 20:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS-Schnittstelle
"Group" = NetBIOSGroup
"Description" = NetBIOS-Schnittstelle
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2001.08.23 14:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.06.17 20:03:22 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.06.17 20:03:22 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.06.17 20:03:22 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" --show-icons [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" --hide-icons [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programme\Internet Explorer\iexplore.exe" -extoff [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Programme\Internet Explorer\iexplore.exe [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Programme\MSN\MSNCoreFiles\MSN6.EXE" [2001.08.23 14:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.06.17 20:03:22 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.06.17 20:03:22 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.06.17 20:03:22 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" --show-icons [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" --hide-icons [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programme\Internet Explorer\iexplore.exe" -extoff [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Programme\Internet Explorer\iexplore.exe [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Programme\MSN\MSNCoreFiles\MSN6.EXE" [2001.08.23 14:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B1FBBD09

< End of report >


Geeks are the best ;)
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK just a few more steps to complete the cleaning process.


Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

#5
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
When double klicking mbam-setup.exe I recieve the following error notification:
Posted Image
  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Go on to run eset amd security check. I will alter the instructions for MalwareBytes' if needed.

CompCav
  • 0

#7
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Okay. These are the "logs" I got:

ESET:

C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25\61761fd9-6c759484 Java/Exploit.CVE-2012-0507.CH trojan deleted - quarantined
C:\System Volume Information\_restore{1D2C3F40-6311-4CB5-AAAD-762C9F8DABA3}\RP698\A0098287.exe Win32/Adware.1ClickDownload.E application cleaned by deleting - quarantined
C:\System Volume Information\_restore{1D2C3F40-6311-4CB5-AAAD-762C9F8DABA3}\RP698\A0098288.exe Win32/Adware.1ClickDownload.E application cleaned by deleting - quarantined
C:\System Volume Information\_restore{1D2C3F40-6311-4CB5-AAAD-762C9F8DABA3}\RP701\A0098737.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{1D2C3F40-6311-4CB5-AAAD-762C9F8DABA3}\RP701\A0098738.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{1D2C3F40-6311-4CB5-AAAD-762C9F8DABA3}\RP701\A0098739.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{1D2C3F40-6311-4CB5-AAAD-762C9F8DABA3}\RP701\A0098741.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
D:\Programme\Hijackthis\backups\backup-20120630-163658-348.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined


Security Check:

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 6 Update 23
Java™ 7 Update 5
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Those look very good let's try MalwareBytes' again but first run this OTL fix.

Step 1.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    :files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Please delete your current copy of mbam setup.

Then:

Posted ImagePlease download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3.

Please post:
OTL fix log
mbam log


Also please let me know how your computer is running.
  • 0

#9
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
OTL fix log:

All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mörtl
->Temp folder emptied: 9500575 bytes
->Temporary Internet Files folder emptied: 2270791 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177692652 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1515 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19959 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 181,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07152012_214542

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC0.tmp moved successfully.
C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC1.tmp moved successfully.
C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC2.tmp moved successfully.
C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC3.tmp moved successfully.
C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC4.tmp moved successfully.
C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC5.tmp moved successfully.
C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC6.tmp moved successfully.
C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC7.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC0.tmp not found!
File C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC1.tmp not found!
File C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC2.tmp not found!
File C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC3.tmp not found!
File C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC4.tmp not found!
File C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC5.tmp not found!
File C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC6.tmp not found!
File C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Temp\npDEC7.tmp not found!

Registry entries deleted on Reboot...

mbam log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mörtl :: MARTIN [Administrator]

15.07.2012 21:52:11
mbam-log-2012-07-15 (21-52-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216246
Laufzeit: 5 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\HostIE.Bho (Adware.Zango) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HostIE.Bho.1 (Adware.Zango) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SeekmoAx.Info (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SeekmoAx.Info.1 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Seekmo (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Seekmo (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|Seekmo@Seekmo.com (Adware.SeekMo) -> Daten: C:\Programme\Seekmo\bin\11.0.175.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\WeatherDPA (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\RelevantKnowledge (PUP.Spyware.MarketScore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\WINDOWS\system32\AcroIEHelpe.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\RelevantKnowledge\MSVCP71.DLL (PUP.Spyware.MarketScore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\RelevantKnowledge\MSVCR71.DLL (PUP.Spyware.MarketScore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



as far as I can tell right now, everything seems to work. Again thank you for your help and your fast replies ;D
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please run OTL again and click quickscan.


Post OTL.txt
  • 0

Advertisements


#11
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
OTL logfile created on: 16.07.2012 01:54:46 - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 21,46% Memory free
5,09 Gb Paging File | 2,84 Gb Available in Paging File | 55,81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 7,25 Gb Free Space | 24,74% Space Free | Partition Type: NTFS
Drive D: | 98,70 Gb Total Space | 13,90 Gb Free Space | 14,08% Space Free | Partition Type: NTFS
Drive E: | 8,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARTIN | User Name: Mörtl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.14 19:34:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- D:\Games\Smite\HiPatchService.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.17 20:03:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- D:\Programme\DAEMON Tools Pro\DTAgent.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010.12.14 17:44:20 | 000,216,456 | ---- | M] (Geek Software GmbH) -- D:\Programme\pdf24\pdf24.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.02.01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- D:\Programme\Winamp\winampa.exe
PRC - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2008.06.25 14:13:48 | 005,625,344 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.05.12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- D:\Programme\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.30 22:27:40 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.17 20:03:27 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 12:07:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 12:07:29 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.14 00:56:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.14 00:48:36 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_661ee55a\system.drawing.dll
MOD - [2012.06.14 00:48:30 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4759fd05\system.windows.forms.dll
MOD - [2012.06.14 00:48:20 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012.05.16 01:03:28 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.16 01:02:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.16 01:00:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.16 00:58:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.16 00:58:51 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.16 00:53:21 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_381d9d0c\mscorlib.dll
MOD - [2012.05.16 00:53:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_afb934ab\system.xml.dll
MOD - [2012.05.16 00:53:07 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5dbeca5b\system.dll
MOD - [2012.05.16 00:53:03 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.05.16 00:53:02 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- D:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.05.06 17:53:39 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.06 17:53:39 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.05.06 17:53:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.04.25 12:57:36 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.04.25 01:44:53 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010.04.22 15:27:02 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010.04.22 15:27:02 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_de_a53cf5803f4c3827\hpqisrtb.resources.dll
MOD - [2010.04.22 15:27:00 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010.04.22 15:26:59 | 000,294,912 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_de_a53cf5803f4c3827\hpqbakup.resources.dll
MOD - [2010.04.22 15:26:46 | 000,380,928 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2010.04.22 15:26:46 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2010.04.22 15:26:24 | 001,032,192 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010.04.22 15:26:24 | 000,331,776 | ---- | M] () -- c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_de_a53cf5803f4c3827\hpqedit.resources.dll
MOD - [2010.04.22 15:26:23 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010.04.22 15:26:22 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010.04.22 15:26:20 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010.04.22 15:26:17 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010.04.22 15:26:17 | 000,015,360 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010.04.22 15:26:17 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010.04.22 15:26:16 | 000,364,544 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010.04.22 15:26:16 | 000,188,416 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010.04.22 15:26:16 | 000,135,168 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcc2.resources.dll
MOD - [2010.04.22 15:26:16 | 000,122,880 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_de_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2010.04.22 15:26:16 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010.04.22 15:26:16 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010.04.22 15:26:16 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010.04.22 15:26:16 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010.04.22 15:26:16 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010.04.22 15:26:16 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010.04.22 15:26:16 | 000,012,800 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_de_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2010.04.22 15:26:15 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010.04.22 15:24:57 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010.04.22 15:24:57 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010.04.22 15:24:57 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_de_a53cf5803f4c3827\hpqprrsc.resources.dll
MOD - [2010.04.22 15:24:56 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010.04.22 15:24:56 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010.04.22 15:24:56 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010.04.22 15:24:56 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010.04.22 15:24:56 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010.04.22 15:24:56 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010.04.22 15:24:56 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010.04.22 15:24:56 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010.04.22 15:24:56 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010.04.22 15:24:19 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.22 15:24:19 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\system.resources\1.0.5000.0_de_b77a5c561934e089\system.resources.dll
MOD - [2010.04.22 15:23:35 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2008.06.25 14:13:48 | 005,625,344 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2008.04.15 10:07:34 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.01.10 10:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2005.05.11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\pngio.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- D:\Games\Smite\HiPatchService.exe -- (HiPatchService)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.17 20:03:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 15:13:28 | 000,185,856 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.02.24 22:01:00 | 003,432,444 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme\Garena Classic\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Unknown] -- D:\Games\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (azh1crrn)
DRV - [2012.07.08 19:37:07 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.30 17:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.01.05 23:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.12.19 13:33:03 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.12.19 13:32:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.12.19 13:32:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 04:50:10 | 000,103,424 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FXX\qcusbser.sys -- (qcusbser)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2008.06.25 18:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://leagueoflegends.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.sweeti...h.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 [2012.03.20 12:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\Web Assistant\Firefox [2012.06.30 16:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.10 17:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.10 17:42:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11002 [2012.03.20 12:43:06 | 000,000,000 | ---D | M]

[2010.04.22 16:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Extensions
[2012.06.30 16:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions
[2012.07.14 21:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions
[2010.07.25 10:11:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.25 18:35:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.31 22:03:38 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\battlefieldheroespatcher@ea.com
[2012.06.30 16:07:00 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Mozilla\Firefox\Profiles\zzitqsk4.default\extensions\OneClickDownload@OneClickDownload.com
[2012.07.14 19:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.07 14:41:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MöRTL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZZITQSK4.DEFAULT\EXTENSIONS\ONECLICKDOWNLOAD@ONECLICKDOWNLOAD.COM
[2012.06.30 16:12:29 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAMME\WEB ASSISTANT\FIREFOX
[2012.06.17 20:03:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.17 20:03:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 20:03:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.17 20:03:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 20:03:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 20:03:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 20:03:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.babylo...000002215853a55
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.07.15 21:45:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] D:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Six Engine] C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] D:\Programme\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Media Finder] "C:\Programme\Media Finder\Media Finder.exe" /opentotray File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\Mörtl\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340790576406 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6293937-AC61-425D-9EAE-F1BF34B1623E}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.22 15:09:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc32e40-c925-11e1-bc97-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.15 21:51:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.12 09:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Flyff
[2012.07.10 19:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.07.10 18:32:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Chromium
[2012.07.10 18:32:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\My Games
[2012.07.10 17:56:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hi-Rez Studios
[2012.07.10 17:56:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Hi-Rez Studios
[2012.07.10 17:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2012.07.10 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\NetSpeedMonitor
[2012.07.10 15:34:42 | 000,000,000 | ---D | C] -- C:\Programme\NetSpeedMonitor
[2012.07.10 10:31:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Avira
[2012.07.10 10:26:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.07.10 10:26:20 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.07.10 10:26:20 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.07.10 10:26:20 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.07.10 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.07.09 09:29:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubisoft
[2012.07.08 21:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\Assassin's Creed Revelations
[2012.07.08 20:47:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PunkBuster
[2012.07.08 20:47:14 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2012.07.08 19:37:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Pro
[2012.07.08 19:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2012.06.30 20:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.06.30 16:17:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Media Finder
[2012.06.30 16:13:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium
[2012.06.30 16:12:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OptimizerPro
[2012.06.30 16:12:29 | 000,000,000 | ---D | C] -- C:\Programme\Web Assistant
[2012.06.30 16:11:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2012.06.30 16:07:02 | 000,000,000 | ---D | C] -- C:\Programme\Gophoto.it
[2012.06.30 16:05:55 | 000,000,000 | ---D | C] -- C:\Programme\1ClickDownload
[2012.06.26 10:48:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.06.25 12:05:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mörtl\Recent
[2012.06.25 10:21:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Mörtl\PrivacIE
[2012.06.23 12:22:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.06.23 12:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.06.23 12:21:53 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.06.23 12:21:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Oracle
[2012.06.21 22:11:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Plants vs. Zombies
[2012.06.21 14:13:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.06.21 14:13:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Games
[2012.06.21 14:11:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2012.06.21 14:09:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BigFishGamesCache

========== Files - Modified Within 30 Days ==========

[2012.07.16 01:48:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-746137067-839522115-1003UA.job
[2012.07.15 22:04:43 | 000,527,534 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.15 22:04:43 | 000,502,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.15 22:04:43 | 000,105,628 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.15 22:04:43 | 000,088,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.15 22:01:08 | 000,198,612 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.07.15 22:01:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012.07.15 22:00:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.15 21:45:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.07.14 07:28:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.13 13:14:42 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\HRUPPROG.DIE.NOW
[2012.07.13 02:48:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-746137067-839522115-1003Core.job
[2012.07.12 19:49:57 | 000,002,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Google Chrome.lnk
[2012.07.12 09:16:02 | 000,123,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.12 09:03:58 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 23:30:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.10 17:56:13 | 000,000,640 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Smite Closed Beta.lnk
[2012.07.10 17:56:13 | 000,000,631 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.07.10 16:49:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.07.10 14:43:38 | 000,045,194 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\room_v3.dat
[2012.07.10 11:41:35 | 000,494,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Alter Verwalter.jpg
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.03 10:21:06 | 000,002,047 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.06.30 22:33:42 | 000,000,142 | -H-- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\.~lock.ycyvcxxcyvbvvbvcb.odt#
[2012.06.30 22:31:03 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.06.30 21:00:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012.06.30 16:17:05 | 000,000,703 | ---- | M] () -- C:\user.js
[2012.06.27 18:30:59 | 000,561,593 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\bilder papa gebu.odt
[2012.06.27 18:20:22 | 000,260,237 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertel.gif
[2012.06.27 18:19:33 | 000,131,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertl2.GIF
[2012.06.26 19:02:20 | 000,040,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\cqwxleiy.JPG
[2012.06.26 18:56:50 | 000,019,305 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\TS.JPG
[2012.06.25 20:20:17 | 000,003,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\test.JPG
[2012.06.22 15:08:33 | 000,387,410 | ---- | M] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\pb.bmp

========== Files Created - No Company Name ==========

[2012.07.13 13:14:42 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\HRUPPROG.DIE.NOW
[2012.07.10 17:56:13 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Smite Closed Beta.lnk
[2012.07.10 17:56:13 | 000,000,631 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.07.10 11:41:35 | 000,494,693 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\Alter Verwalter.jpg
[2012.06.30 22:33:42 | 000,000,142 | -H-- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\.~lock.ycyvcxxcyvbvvbvcb.odt#
[2012.06.30 22:31:03 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2012.06.30 22:31:03 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.06.30 21:00:26 | 000,001,650 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
[2012.06.30 21:00:26 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk
[2012.06.30 21:00:26 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk
[2012.06.30 16:12:33 | 000,000,703 | ---- | C] () -- C:\user.js
[2012.06.30 10:37:00 | 000,045,194 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\room_v3.dat
[2012.06.27 18:30:58 | 000,561,593 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\bilder papa gebu.odt
[2012.06.27 18:19:28 | 000,131,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertl2.GIF
[2012.06.27 18:14:06 | 000,260,237 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\waldviertel.gif
[2012.06.26 19:00:44 | 000,040,430 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\cqwxleiy.JPG
[2012.06.26 18:56:50 | 000,019,305 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\TS.JPG
[2012.06.26 10:49:44 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.06.25 20:20:17 | 000,003,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Eigene Dateien\test.JPG
[2012.06.22 14:18:34 | 000,387,410 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Desktop\pb.bmp
[2012.05.17 23:03:22 | 000,087,352 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.15 21:05:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.31 04:52:14 | 000,179,814 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.03.31 04:52:14 | 000,179,814 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1993962763-746137067-839522115-1003-0.dat
[2012.02.11 22:37:14 | 000,000,854 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2011.05.14 08:52:58 | 000,030,253 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011.01.24 21:06:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.01.21 09:32:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2011.01.21 09:32:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2011.01.12 13:16:57 | 000,001,206 | ---- | C] () -- C:\WINDOWS\DISNEY.INI
[2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.10.31 22:43:09 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PnkBstrK.sys
[2010.10.31 22:42:41 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010.10.18 19:43:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.10.18 19:43:00 | 000,042,112 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.10.10 19:00:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010.09.22 12:12:49 | 000,003,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PData.MMM
[2010.09.22 12:12:49 | 000,003,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PData.MM1
[2010.08.22 09:59:20 | 000,000,037 | ---- | C] () -- C:\WINDOWS\mpegtoiPodconverter.ini
[2010.08.22 09:58:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysMPEGtoiPod.dat
[2010.08.08 00:42:56 | 000,029,440 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.22 17:26:10 | 000,123,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 15:37:07 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Mörtl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== LOP Check ==========

[2012.05.13 00:47:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2010.05.06 17:59:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bentley
[2012.06.30 16:47:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2010.12.19 13:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.12.11 22:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.07.08 20:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2011.05.11 14:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.04.28 17:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2012.07.10 17:56:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hi-Rez Studios
[2012.01.07 18:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2012.06.30 16:28:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2010.07.09 19:45:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2012.06.30 16:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OptimizerPro
[2012.06.30 16:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium
[2011.02.28 20:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2012.06.21 15:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.07.08 21:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2010.08.19 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.05.11 13:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.07.09 18:49:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0AB34A1C-91C1-45BB-8B32-A0746A30DC96}
[2010.06.22 14:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.09 15:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}
[2011.07.14 13:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\.minecraft
[2011.06.15 16:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Ahnenblatt
[2010.09.22 12:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\AUTOSICH
[2010.05.06 17:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Bentley
[2012.06.25 12:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Lite
[2012.07.08 20:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DAEMON Tools Pro
[2012.05.23 11:19:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DVDVideoSoft
[2012.05.23 11:19:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.06.12 11:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Facebook
[2011.05.31 15:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\GenJ3
[2010.12.16 12:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\GetRightToGo
[2011.04.28 14:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\gtk-2.0
[2011.05.19 21:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\ICQ
[2011.08.24 19:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\id Software
[2010.06.30 00:42:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\LolClient
[2012.05.24 13:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\LolClient2
[2012.06.30 16:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Media Finder
[2012.07.16 02:01:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\NetSpeedMonitor
[2011.02.14 17:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Notepad++
[2011.05.15 00:29:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Octoshape
[2010.04.25 12:58:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\OpenOffice.org
[2012.06.23 12:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Oracle
[2010.09.04 21:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PDF Software
[2012.07.08 20:47:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\PunkBuster
[2010.10.18 19:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Samsung
[2012.05.14 10:28:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\ScummVM
[2012.06.25 12:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\TS3Client
[2010.09.15 20:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Ubisoft
[2012.01.07 18:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mörtl\Anwendungsdaten\Unity
[2012.07.15 22:01:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B1FBBD09

< End of report >
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Clear the Java Cache by following the instructions here


Step 2.

Click Start >> Control Panel >> Add/remove programs and uninstall Java 6 23.

If you do not have two separate Java's then please follow these directions:

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step 3.


You will need to reset the Chrome default search engine manually

There are details here on how to do that

Make sure you delete the Babylon search engine.


Step 4.

Please confirm you have completed these steps and let me know how the computer is running
  • 0

#13
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I am not sure if I deleted it the right way, I couldn't completely follow the instructions(the pictures shown didn't match my chrome options(mb because I had another version or something)) but got to an submenu saying search engines and removed babylon search engine from it.
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Here is the chrome page for it. Please check and verify Babylon is gone.
  • 0

#15
Modin

Modin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Okay thank you I did as described in the last link. It should be gone now... how can I verify that it's really gone?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP