Notebook wird träger weil sich programme einfach so öffnen

01.02.2012, 02:26

soulwolf51

...neu hier

Beiträge: 2

#1 Hallo liebes Protecus forum

ich hab leider ein kleines problem mit meinem Pc (notebook).

Also:
Wie der Titel schon sagt, öffnen sich irrgendwelche Programme, die ich nicht einmal kenne.
z.b. sagt der TaskManager unter "Prozesse" an, das sich eine "Siaport.exe" auf meinem Pc befindet.
So schlies ich diese startet sie sich mit nochmehr arbeitsspeicherverbrauch wieder.
Es starten sich zudem noch andere Sachen, wie JAWAW.exe, minecraft cracked, AppLaunch,...
So es starten sich aber nicht nur solche Sachen, sondern auch welche deren name kein sinn macht.
da steht dan einfach nur irwelche buchtaben/zahlen die aussehen als wäre ne Katze über die Tastatur gelaufen.
Nach dem schliessen dieser Programme lad irgendwas, aber der TaskManager zeigt dazu nichts an :/.
Bei dem satz "so starte sich zudem" sag ich das sich "minecraft cracked" startet, der Hacken ist aber, das ich das nie gedownloadet hab...
Genauso wie "siaport.exe" ich weiss nichtma was das is.

Frage:
wisst ihr was ich tuhen kan um das weg zu bekommen?

Was vergessen:
vergessen zu erwähnen das mit dem Programm starten is schon etwas länger her das das angefangen hat,
und das der Pc (Notebook) träger wird seit heute (naja eher gestern ^^)

01.02.2012, 08:13

Swisstreasure

Moderator

Beiträge: 5694

#2 Schritt 1

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die

Textbox.

Code

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

ACHTUNG: Falls Du ein 64Bit System hast musst du den nächsten Schritt nicht machen.

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

• Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
• Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
• nichts am Rechner getan werden,
• nach jedem Scan der Rechner neu gestartet werden.
• Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (hat einen willkürlichen Programm-Namen).
• Vista-User mit Rechtsklick und als Administrator starten.
• Gmer startet automatisch einen ersten Scan.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.

• Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
• Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
• Wichtig: "Show all" darf nicht angehakt sein!
• Starte den Scan durch Drücken des Buttons "Scan".

Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).

• Wenn der Scan fertig ist, bleibt die Zeile leer.

Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird Gmer beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

01.02.2012, 10:01

soulwolf51

...neu hier

Themenstarter

Beiträge: 2

#3 Moin,
danke erstma für die schnelle Antwort.
Muss dazu jetz aber noch sagen das ich den "siaport" mist wegbekommen habe.
Aber lieber ma auf nummer sicher,
hier die OTL.txt datei:

OTL logfile created on: 01.02.2012 09:44:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,38% Memory free
9,99 Gb Paging File | 8,50 Gb Available in Paging File | 85,10% Paging File free
Paging file location(s): C:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,85 Gb Total Space | 138,91 Gb Free Space | 70,93% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.02.01 09:42:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\martin\Downloads\OTL.exe
PRC - [2012.01.31 22:19:06 | 000,326,656 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Microsoft\csrss.exe
PRC - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.17 14:59:28 | 000,037,888 | RHS- | M] (NVIDIA Corporation) -- C:\Users\martin\AppData\Local\Temp\System\nvxdsinc.exe
PRC - [2011.12.07 12:31:06 | 000,279,968 | ---- | M] () -- C:\PROGRA~2\Ticno\Multibar\SearchService.exe
PRC - [2011.10.24 18:25:58 | 000,235,232 | ---- | M] () -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.01.31 22:19:06 | 000,326,656 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Microsoft\csrss.exe
MOD - [2012.01.13 16:11:45 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
MOD - [2011.12.30 11:18:31 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.12.30 11:18:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2011.12.19 18:59:00 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.07 12:31:06 | 000,279,968 | ---- | M] () [Auto | Running] -- C:\PROGRA~2\Ticno\Multibar\SearchService.exe -- (TicnoSearch)
SRV - [2011.11.23 11:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011.10.24 18:25:58 | 000,235,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.01 17:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012.01.24 14:07:03 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwLv64.sys -- (NETwLv64) Intel(R)
DRV:64bit: - [2012.01.24 14:01:08 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.01.24 14:00:34 | 000,064,040 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2012.01.24 13:59:43 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.12.28 01:12:21 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.11.15 04:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.11.22 09:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys -- (X5XSEx)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.01 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\npptNT2.sys -- (NPPTNT2)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={6B8E37FE-D26E-4213-962B-BDAD389680E7}
IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 01 35 B8 2B C2 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://search.imesh.com"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=1022&systemid=1&sr=0&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\martin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\martin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.26 21:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.17 16:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.1\FF [2012.01.04 16:31:35 | 000,000,000 | ---D | M]

[2012.01.17 16:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\mozilla\Extensions
[2012.01.31 23:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\mozilla\Firefox\Profiles\618klz7j.default\extensions
[2012.01.17 16:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\618KLZ7J.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\618KLZ7J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\618KLZ7J.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\martin\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\martin\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\martin\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.2_0\BabylonChromePI.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\martin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: PriceGong = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.4_0\
CHR - Extension: YouTube = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Babylon Translator = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.01.07 03:34:13 | 000,000,023 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL (iMesh, Inc)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (A Free Ride Games Bar Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [csrss] C:\Users\martin\AppData\Roaming\Microsoft\csrss.exe ()
O4 - HKCU..\Run: [Microsoft® Windows® Operating System] C:\Users\martin\AppData\Local\Temp\System\nvxdsinc.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m File not found
O4 - HKCU..\Run: [Quick Hide Windows] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\install\server.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24ACB7A-F18D-48CF-BE45-B147000B35C1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24ACB7A-F18D-48CF-BE45-B147000B35C1}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) -C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) -C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{B5930B6C-394C-4F34-85DE-B91485792E76} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - C:\Windows\system32\install\server.exe Restart
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk - C:\Programme\Rainmeter\Rainmeter.exe - ()
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Babylon Client - hkey= - key= - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
MsConfig:64bit - StartUpReg: COMODO - hkey= - key= - C:\Programme\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
MsConfig:64bit - StartUpReg: COMODO Internet Security - hkey= - key= - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
MsConfig:64bit - StartUpReg: CPA - hkey= - key= - C:\Programme\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
MsConfig:64bit - StartUpReg: DATAMNGR - hkey= - key= - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE (iMesh, Inc)
MsConfig:64bit - StartUpReg: DriverScanner - hkey= - key= - C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
MsConfig:64bit - StartUpReg: Exetender - hkey= - key= - C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
MsConfig:64bit - StartUpReg: Intel AppUp(SM) center - hkey= - key= - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk ()
MsConfig:64bit - StartUpReg: Intel AppUp(SM) center_Nagware - hkey= - key= - C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.lnk ()
MsConfig:64bit - StartUpReg: multibar.exe - hkey= - key= - C:\Program Files (x86)\Ticno\Multibar\multibar.exe ()
MsConfig:64bit - StartUpReg: PCSpeedUp - hkey= - key= - C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
MsConfig:64bit - StartUpReg: Spiele Post - hkey= - key= - C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.02.01 05:36:42 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Process Hacker 2
[2012.02.01 05:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012.02.01 05:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2012.02.01 05:15:49 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\TaskManager
[2012.02.01 05:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Extended Task Manager
[2012.02.01 05:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Free Extended Task Manager
[2012.02.01 05:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TaskManager
[2012.01.29 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\BC + IC
[2012.01.29 16:30:16 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Neuer Ordner (5)
[2012.01.28 20:24:44 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Uniblue.PowerSuite.2012.3.0.5.5.Multilingual By fiQsredHatz
[2012.01.28 20:19:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.01.28 15:32:54 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Neuer Ordner (4)
[2012.01.28 14:27:42 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Neuer Ordner (3)
[2012.01.27 17:32:10 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Neuer Ordner (2)
[2012.01.27 17:06:33 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CustomStuff
[2012.01.27 17:05:58 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Neuer Ordner
[2012.01.27 01:03:11 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Dolphin
[2012.01.26 00:02:59 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\MC
[2012.01.25 23:58:40 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\vlc
[2012.01.25 23:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.25 23:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.01.25 23:32:28 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\mc gun mod
[2012.01.25 23:07:52 | 000,000,000 | ---D | C] -- C:\Users\martin\Downloads
[2012.01.25 18:35:06 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\bu
[2012.01.25 13:00:43 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\ggg
[2012.01.24 14:17:41 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\ElevatedDiagnostics
[2012.01.24 14:16:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.01.24 14:15:13 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.01.24 14:15:12 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.01.24 14:15:12 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.01.24 14:15:12 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.01.24 14:15:12 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.01.24 14:15:12 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.01.24 14:15:12 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.01.24 14:15:12 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.01.24 14:15:12 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.01.24 14:15:10 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.01.24 14:15:10 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.01.24 14:15:10 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.01.24 14:15:09 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.01.24 14:15:03 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.01.24 14:15:03 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.01.24 14:15:01 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.01.24 14:15:01 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.01.24 14:15:01 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.01.24 14:15:01 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.01.24 14:15:01 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.01.24 14:15:00 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.01.24 14:15:00 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.01.24 14:15:00 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll
[2012.01.24 14:15:00 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.01.24 14:15:00 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.01.24 14:14:59 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.01.24 14:14:59 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.01.24 14:14:56 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.01.24 14:14:56 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.01.24 14:14:55 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.01.24 14:14:55 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.01.24 14:14:55 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.01.24 14:14:55 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.01.24 14:14:55 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.01.24 14:14:55 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.01.24 14:14:55 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.01.24 14:14:54 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.01.24 14:14:54 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.01.24 14:14:54 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.01.24 14:14:54 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.01.24 14:14:54 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.01.24 14:14:54 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.01.24 14:14:54 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.01.24 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.01.24 14:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.01.24 14:01:08 | 000,396,584 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012.01.24 14:01:08 | 000,305,200 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2012.01.24 14:01:08 | 000,264,488 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2012.01.24 14:01:08 | 000,210,216 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012.01.24 14:01:08 | 000,207,144 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2012.01.24 14:01:08 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012.01.24 14:01:08 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2012.01.24 14:01:08 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012.01.24 14:00:34 | 000,064,040 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1E62x64.sys
[2012.01.23 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\pymclevel
[2012.01.23 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\MCEdit-schematics
[2012.01.23 14:55:50 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit
[2012.01.23 14:55:48 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\MCEdit
[2012.01.23 13:58:38 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Minecraft Profile Manager
[2012.01.22 22:50:27 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\gamesport
[2012.01.22 22:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kubik
[2012.01.22 19:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.01.22 19:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.01.22 19:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.01.22 17:23:12 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\TeamViewer
[2012.01.21 23:17:10 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Blender Foundation
[2012.01.21 14:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2012.01.21 14:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2012.01.20 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Rovio
[2012.01.20 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Halfbrick
[2012.01.20 19:33:07 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Intel
[2012.01.20 19:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halfbrick Studios
[2012.01.20 19:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Halfbrick Studios
[2012.01.20 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2012.01.20 19:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2012.01.20 19:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.01.20 19:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.01.20 19:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.01.20 19:25:59 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Adobe
[2012.01.20 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
[2012.01.20 19:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.01.20 19:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.01.19 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.01.19 20:33:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.01.19 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012.01.19 20:29:34 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Uniblue
[2012.01.19 20:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.01.19 20:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.01.18 20:03:59 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\TunkDesign_Inc
[2012.01.17 20:24:28 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\.Nitrous
[2012.01.17 17:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.01.17 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Mozilla
[2012.01.17 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Mozilla
[2012.01.17 16:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.01.15 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\CraftBukkit Server
[2012.01.15 18:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CraftBukkit Server
[2012.01.15 18:14:06 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\CraftBukkit Serverh
[2012.01.14 18:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2012.01.14 16:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.01.14 16:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.01.14 16:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.01.13 23:07:44 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\LogMeIn Hamachi
[2012.01.13 23:07:36 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.01.13 23:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.01.13 23:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.01.13 23:06:42 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Microsoft Games
[2012.01.13 23:04:56 | 000,000,000 | ---D | C] -- C:\Users\martin\Desktop\Minecraft
[2012.01.13 16:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012.01.13 16:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012.01.13 16:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012.01.12 19:36:42 | 000,000,000 | ---D | C] -- C:\Users\martin\.thumbnails
[2012.01.12 19:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.01.12 19:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.01.11 22:28:02 | 000,000,000 | ---D | C] -- C:\Windows\JMCR_DIR
[2012.01.11 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.01.09 21:57:41 | 000,000,000 | ---D | C] -- C:\Users\martin\bluej
[2012.01.09 21:57:30 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJ
[2012.01.09 21:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueJ
[2012.01.08 19:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSPad editor
[2012.01.08 15:25:07 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Home
[2012.01.08 14:58:02 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\LuaEdit
[2012.01.08 14:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LuaEdit 2010
[2012.01.08 14:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LuaEdit 2010
[2012.01.08 12:44:58 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.01.08 12:44:58 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.01.08 12:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.01.08 12:44:42 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\ManicDiggerUserData
[2012.01.08 12:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manic Digger
[2012.01.08 12:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Manic Digger
[2012.01.08 12:16:10 | 000,000,000 | ---D | C] -- C:\Users\martin\Neuer Ordner (3)
[2012.01.07 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\worlds
[2012.01.07 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\dscraft
[2012.01.07 14:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.01.07 04:02:45 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\SunnyHacks
[2012.01.07 03:59:22 | 000,000,000 | ---D | C] -- C:\SunnyHacks
[2012.01.06 22:00:23 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\BearShare
[2012.01.06 21:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
[2012.01.06 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare
[2012.01.06 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BearShare
[2012.01.06 21:59:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}
[2012.01.06 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\MusicNet
[2012.01.06 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\My Received Files
[2012.01.06 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\iMesh
[2012.01.06 21:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
[2012.01.06 21:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
[2012.01.06 21:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\iMesh
[2012.01.06 21:51:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
[2012.01.04 18:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.01.04 16:33:00 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\The Free YouTube Downloader
[2012.01.04 16:33:00 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\SavantSoftLLC
[2012.01.04 16:32:01 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Free YouTube Downloader
[2012.01.04 16:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Free YouTube Downloader
[2012.01.04 15:43:12 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\BPK
[2012.01.03 22:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.01.03 22:15:14 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2012.01.03 22:15:12 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Conduit
[2012.01.03 22:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A_Free_Ride_Games_Bar
[2012.01.03 22:15:03 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2012.01.03 22:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2012.01.03 22:15:00 | 000,053,314 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2012.01.03 22:14:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.01.03 22:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Ride Games
[2012.01.03 22:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.01.03 14:42:54 | 000,000,000 | RHSD | C] -- C:\install
[2012.01.03 02:29:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.01.02 14:17:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2012.01.02 14:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.01.02 14:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012.01.02 14:16:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012.01.02 14:16:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012.01.02 14:16:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031
[2012.01.02 14:16:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031
[2012.01.02 14:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.01.02 14:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012.01.02 14:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.01.02 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft Corporation
[2012.01.02 13:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.01.02 13:01:23 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Paint.NET
[2012.01.02 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Ticno
[2012.01.02 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Breakpad
[2012.01.02 10:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Ticno
[2012.01.02 10:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ticno
[2012.01.02 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Installer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.02.01 09:48:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1434289781-1796923604-2765460436-1000UA.job
[2012.02.01 09:45:28 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 09:45:28 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 09:44:30 | 001,799,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.01 09:44:30 | 000,763,042 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.01 09:44:30 | 000,718,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.01 09:44:30 | 000,173,396 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.01 09:44:30 | 000,146,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.01 09:35:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.01 09:35:10 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.01 05:34:07 | 000,001,841 | ---- | M] () -- C:\Users\martin\Desktop\Process Hacker 2.lnk
[2012.02.01 04:48:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1434289781-1796923604-2765460436-1000Core.job
[2012.02.01 04:45:20 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for martin.job
[2012.01.30 21:39:08 | 007,043,817 | ---- | M] () -- C:\Users\martin\Desktop\minecraft.jar
[2012.01.30 21:34:40 | 000,023,040 | ---- | M] () -- C:\Users\martin\Desktop\Browser.exe
[2012.01.29 16:01:56 | 018,295,963 | ---- | M] () -- C:\Users\martin\Desktop\CampCraft Mod Pack 1.1 v3 - Single Player version.rar
[2012.01.29 16:00:28 | 018,342,294 | ---- | M] () -- C:\Users\martin\Desktop\CampCraft Mod Pack 1.1 - Smp version - Without Anvil.rar
[2012.01.29 00:55:39 | 000,012,423 | ---- | M] () -- C:\Users\martin\Desktop\HiddenDoors (1.1.0).zip
[2012.01.28 23:36:02 | 000,027,137 | ---- | M] () -- C:\Users\martin\Desktop\Minerraria_Core_Server.zip
[2012.01.28 23:35:51 | 000,102,725 | ---- | M] () -- C:\Users\martin\Desktop\Minerraria_Core_Client.zip
[2012.01.28 20:25:35 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012.01.27 23:44:04 | 004,007,496 | ---- | M] () -- C:\Users\martin\Desktop\%22Enderborn%22SongandMusicVideo.mp3
[2012.01.27 17:50:23 | 000,745,072 | ---- | M] () -- C:\Users\martin\Desktop\SinglePlayerCommands-MC1.1.0_V3.1.0.jar
[2012.01.27 17:08:50 | 000,000,074 | ---- | M] () -- C:\Users\martin\Desktop\test.recipe
[2012.01.25 23:58:34 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.25 23:57:09 | 000,000,253 | ---- | M] () -- C:\Users\martin\Desktop\MCAutoBullet.png
[2012.01.25 23:50:25 | 000,000,343 | ---- | M] () -- C:\Users\martin\Desktop\MCAutoSniper.png
[2012.01.25 23:41:25 | 000,000,000 | ---- | M] () -- C:\Users\martin\Desktop\Neue Bitmap (2).bmp
[2012.01.25 23:41:22 | 000,000,000 | ---- | M] () -- C:\Users\martin\Desktop\Neue Bitmap.bmp
[2012.01.24 14:01:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.01.24 14:01:08 | 000,396,584 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012.01.24 14:01:08 | 000,305,200 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2012.01.24 14:01:08 | 000,264,488 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2012.01.24 14:01:08 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012.01.24 14:01:08 | 000,207,144 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2012.01.24 14:01:08 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012.01.24 14:01:08 | 000,147,752 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2012.01.24 14:01:08 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012.01.24 14:00:34 | 000,064,040 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1E62x64.sys
[2012.01.23 18:22:57 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012.01.23 15:07:07 | 000,002,029 | ---- | M] () -- C:\Users\martin\Documents\mcedit.ini
[2012.01.21 17:02:23 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2012.01.20 19:30:17 | 000,002,545 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2012.01.18 22:59:16 | 000,226,455 | ---- | M] () -- C:\Users\martin\Desktop\Plasmacraft-0.2.6.zip
[2012.01.17 16:29:43 | 000,143,360 | ---- | M] () -- C:\Users\martin\AppData\Roaming\chrtmp
[2012.01.14 18:15:51 | 000,004,411 | ---- | M] () -- C:\user.js
[2012.01.14 14:16:42 | 000,125,056 | ---- | M] () -- C:\Users\martin\Desktop\Paintball.zip
[2012.01.13 21:31:18 | 003,450,384 | ---- | M] () -- C:\Users\martin\2012-01-13_21.29.13.png
[2012.01.13 21:31:06 | 001,996,908 | ---- | M] () -- C:\Users\martin\2012-01-13_21.28.52.png
[2012.01.13 21:30:51 | 001,301,176 | ---- | M] () -- C:\Users\martin\2012-01-13_21.29.01.png
[2012.01.13 20:30:49 | 001,643,732 | ---- | M] () -- C:\Users\martin\2012-01-13_20.29.29.png
[2012.01.13 20:30:47 | 001,412,058 | ---- | M] () -- C:\Users\martin\2012-01-13_20.29.40.png
[2012.01.12 15:48:01 | 001,777,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.11 22:28:11 | 000,000,131 | ---- | M] () -- C:\Windows\xUninstall.bat
[2012.01.09 13:34:04 | 000,271,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.08 12:44:58 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.01.08 12:44:58 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.01.07 16:09:48 | 000,000,000 | ---- | M] () -- C:\Users\martin\Documents\testmap.map
[2012.01.07 03:34:13 | 000,000,023 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.01.03 22:23:05 | 000,003,079 | -H-- | M] () -- C:\Users\martin\AppData\Roaming\martinlog.dat
[2012.01.03 22:15:04 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2012.01.03 14:42:56 | 000,001,713 | ---- | M] () -- C:\Users\martin\AppData\Roaming\martin3SQLite3.dll
[2012.01.02 11:13:49 | 000,000,359 | ---- | M] () -- C:\Users\martin\Papierkorb.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.02.01 05:34:07 | 000,001,841 | ---- | C] () -- C:\Users\martin\Desktop\Process Hacker 2.lnk
[2012.01.31 19:39:41 | 007,043,817 | ---- | C] () -- C:\Users\martin\Desktop\minecraft.jar
[2012.01.30 21:37:30 | 000,023,040 | ---- | C] () -- C:\Users\martin\Desktop\Browser.exe
[2012.01.29 16:01:58 | 018,295,963 | ---- | C] () -- C:\Users\martin\Desktop\CampCraft Mod Pack 1.1 v3 - Single Player version.rar
[2012.01.29 16:01:37 | 018,342,294 | ---- | C] () -- C:\Users\martin\Desktop\CampCraft Mod Pack 1.1 - Smp version - Without Anvil.rar
[2012.01.29 00:55:38 | 000,012,423 | ---- | C] () -- C:\Users\martin\Desktop\HiddenDoors (1.1.0).zip
[2012.01.28 23:36:17 | 000,027,137 | ---- | C] () -- C:\Users\martin\Desktop\Minerraria_Core_Server.zip
[2012.01.28 23:36:14 | 000,102,725 | ---- | C] () -- C:\Users\martin\Desktop\Minerraria_Core_Client.zip
[2012.01.28 22:19:38 | 000,226,455 | ---- | C] () -- C:\Users\martin\Desktop\Plasmacraft-0.2.6.zip
[2012.01.28 20:25:35 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012.01.27 23:44:09 | 004,007,496 | ---- | C] () -- C:\Users\martin\Desktop\%22Enderborn%22SongandMusicVideo.mp3
[2012.01.27 17:50:24 | 000,745,072 | ---- | C] () -- C:\Users\martin\Desktop\SinglePlayerCommands-MC1.1.0_V3.1.0.jar
[2012.01.27 17:08:50 | 000,000,074 | ---- | C] () -- C:\Users\martin\Desktop\test.recipe
[2012.01.26 22:38:24 | 000,125,056 | ---- | C] () -- C:\Users\martin\Desktop\Paintball.zip
[2012.01.26 13:22:18 | 003,007,529 | ---- | C] () -- C:\Users\martin\Desktop\DokuCraft - The Saga Continues Dark.zip
[2012.01.26 13:22:18 | 003,001,649 | ---- | C] () -- C:\Users\martin\Desktop\DokuCraft - The Saga Continues Light.zip
[2012.01.26 13:22:18 | 002,993,828 | ---- | C] () -- C:\Users\martin\Desktop\DokuCraft - The Saga Continues High.zip
[2012.01.26 00:01:55 | 000,037,741 | ---- | C] () -- C:\Users\martin\Desktop\MCAutoShoot.ogg
[2012.01.26 00:00:54 | 000,037,741 | ---- | C] () -- C:\Users\martin\Desktop\MCAutoReload.ogg
[2012.01.25 23:58:34 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.25 23:57:07 | 000,000,253 | ---- | C] () -- C:\Users\martin\Desktop\MCAutoBullet.png
[2012.01.25 23:48:27 | 000,000,343 | ---- | C] () -- C:\Users\martin\Desktop\MCAutoSniper.png
[2012.01.25 23:41:25 | 000,000,000 | ---- | C] () -- C:\Users\martin\Desktop\Neue Bitmap (2).bmp
[2012.01.25 23:41:22 | 000,000,000 | ---- | C] () -- C:\Users\martin\Desktop\Neue Bitmap.bmp
[2012.01.24 14:15:03 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.01.24 14:01:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.01.23 18:21:42 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012.01.23 14:55:50 | 000,002,029 | ---- | C] () -- C:\Users\martin\Documents\mcedit.ini
[2012.01.22 22:50:25 | 000,000,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kubik.lnk
[2012.01.22 19:27:41 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.01.21 17:02:23 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2012.01.20 19:30:17 | 000,002,545 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2012.01.20 17:46:31 | 000,143,360 | ---- | C] () -- C:\Users\martin\AppData\Roaming\chrtmp
[2012.01.17 16:45:16 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.13 21:30:22 | 003,450,384 | ---- | C] () -- C:\Users\martin\2012-01-13_21.29.13.png
[2012.01.13 21:30:22 | 001,996,908 | ---- | C] () -- C:\Users\martin\2012-01-13_21.28.52.png
[2012.01.13 21:30:22 | 001,301,176 | ---- | C] () -- C:\Users\martin\2012-01-13_21.29.01.png
[2012.01.13 20:30:24 | 001,643,732 | ---- | C] () -- C:\Users\martin\2012-01-13_20.29.29.png
[2012.01.13 20:30:24 | 001,412,058 | ---- | C] () -- C:\Users\martin\2012-01-13_20.29.40.png
[2012.01.11 22:28:11 | 000,000,131 | ---- | C] () -- C:\Windows\xUninstall.bat
[2012.01.07 16:12:16 | 001,571,132 | ---- | C] () -- C:\Users\martin\Documents\DScraft.nds
[2012.01.07 16:12:16 | 000,032,352 | ---- | C] () -- C:\Users\martin\Documents\mapUpdate.exe
[2012.01.07 16:12:16 | 000,030,260 | ---- | C] () -- C:\Users\martin\Documents\mc2ds.rar
[2012.01.07 16:12:16 | 000,014,832 | ---- | C] () -- C:\Users\martin\Documents\mapGen.rar
[2012.01.07 16:12:16 | 000,000,000 | ---- | C] () -- C:\Users\martin\Documents\testmap.map
[2012.01.03 22:15:04 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.01.03 14:42:56 | 000,001,713 | ---- | C] () -- C:\Users\martin\AppData\Roaming\martin3SQLite3.dll
[2012.01.03 02:38:57 | 000,059,452 | ---- | C] () -- C:\Users\martin\Neuropol Medium.ttf
[2012.01.03 02:32:46 | 000,055,250 | ---- | C] () -- C:\Users\martin\01-198-FontsPack.TTF
[2012.01.03 02:32:44 | 000,046,604 | ---- | C] () -- C:\Users\martin\1196688495acme.ttf
[2012.01.02 11:13:49 | 000,000,359 | ---- | C] () -- C:\Users\martin\Papierkorb.lnk
[2011.12.31 04:16:44 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\moveex.exe
[2011.12.24 13:51:20 | 001,777,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.24 07:41:08 | 000,002,241 | ---- | C] () -- C:\Users\martin\AppData\Roaming\Tool-Store-Log.html
[2011.12.24 07:41:08 | 000,000,162 | ---- | C] () -- C:\Users\martin\AppData\Roaming\delme.bat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.04.08 03:16:43 | 000,172,058 | -H-- | C] () -- C:\Users\martin\AppData\Roaming\logs.dat
[2005.04.08 03:16:43 | 000,003,079 | -H-- | C] () -- C:\Users\martin\AppData\Roaming\martinlog.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012.01.25 23:33:05 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\.minecraft
[2012.01.17 20:52:58 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\.Nitrous
[2012.01.14 19:47:20 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Babylon
[2012.01.21 23:17:10 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Blender Foundation
[2012.01.04 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\BPK
[2011.12.31 02:11:50 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Deep Shadows
[2012.01.11 22:38:50 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\DVDVideoSoft
[2011.12.30 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.22 22:50:27 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\gamesport
[2011.12.28 23:55:45 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\GO Games
[2012.01.02 10:20:51 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Installer
[2012.01.08 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\LuaEdit
[2012.01.06 21:53:02 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\MusicNet
[2012.01.01 20:24:05 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Notepad++
[2012.02.01 05:37:10 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Process Hacker 2
[2012.01.23 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\pymclevel
[2012.01.08 12:11:02 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Rainmeter
[2012.01.21 17:02:30 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Rovio
[2011.12.31 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Stardock
[2011.12.29 16:00:47 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Sysutils_Update
[2012.01.22 19:29:29 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\TeamViewer
[2012.02.01 05:18:21 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\TS3Client
[2012.01.28 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Uniblue
[2012.02.01 05:18:21 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\uTorrent
[2009.07.14 06:08:49 | 000,019,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.12.30 11:11:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.07 03:25:09 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.12.23 02:34:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.03 14:42:54 | 000,000,000 | RHSD | M] -- C:\install
[2011.12.23 03:57:40 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.01 05:34:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.25 23:58:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.02.01 05:15:23 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.25 03:19:57 | 000,000,000 | ---D | M] -- C:\ProgramFiles
[2011.12.23 02:34:08 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.23 02:34:08 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.04 20:53:23 | 000,000,000 | ---D | M] -- C:\Remote Programs
[2012.01.07 03:59:22 | 000,000,000 | ---D | M] -- C:\SunnyHacks
[2012.02.01 09:48:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.23 03:59:58 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.01 09:32:01 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:32 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:14:32 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

< End of report >

und die Extra.txt:

OTL Extras logfile created on: 01.02.2012 09:44:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,38% Memory free
9,99 Gb Paging File | 8,50 Gb Available in Paging File | 85,10% Paging File free
Paging file location(s): C:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,85 Gb Total Space | 138,91 Gb Free Space | 70,93% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D237D67F-E77C-4D9E-AA66-8B7A821C215F}" = MFC RunTime files x64
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"Free Extended Task Manager" = Free Extended Task Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation
"Process_Hacker2_is1" = Process Hacker 2.27 (r4957)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{047B9A6A-21E7-45CF-8825-0A061EEF9B23}" = SweetIM Toolbar for Internet Explorer 4.3
"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
"{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}" = SweetIM for Messenger 3.6
"{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1" = Manic Digger
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35DF5855-7594-43C3-9119-0975FDFF6551}" = Fruit Ninja Lite 1.6.1
"{3B084BF4-EE49-451D-8261-FCA2EC4E3F18}" = Angry Birds Rio
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C581BAE4-34A2-45E7-4E3E-15623FDC32B4}" = Kubik
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DA899085-5492-4320-98BF-4F3ACEB23E01}" = SlimDX Redistributable for .NET 4.0 (March 2011)
"{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}" = bcTester 4.8 (de)
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"A_Free_Ride_Games_Bar Toolbar" = A Free Ride Games Bar Toolbar
"Adobe AIR" = Adobe AIR
"Avira AntiVir Desktop" = Avira Free Antivirus
"Babylon" = Babylon
"BabylonToolbar" = Babylon toolbar on IE
"BearShare" = BearShare
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"CraftBukkit" = CraftBukkit
"Der Exorzist II" = Der Exorzist II
"DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Free 3D Video Maker_is1" = Free 3D Video Maker version 1.1.3.1206
"Free Studio_is1" = Free Studio version 5.3.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.3.1206
"Game Booster_is1" = Game Booster 3
"gamesport" = Kubik
"iMesh" = iMesh
"Intel AppUp(SM) center 35228" = Intel AppUp(SM) center
"LogMeIn Hamachi" = LogMeIn Hamachi
"LuaEdit 2010_is1" = LuaEdit 2010 (x86 - 3.0.7.0)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"multibar" = Ticno multibar
"Notepad++" = Notepad++
"NSS" = Norton Security Scan
"ObjectDock Plus 2" = ObjectDock Plus 2
"Oddly Enough: Der Rattenfänger von Hameln" = Oddly Enough: Der Rattenfänger von Hameln
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PriceGong" = PriceGong 2.5.4
"PSPad editor_is1" = PSPad editor
"Quick Hide_is1" = Quick Hide 1.8
"Rainmeter" = Rainmeter
"RealPlayer 15.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"StartupRun1" = Finderbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"The Free YouTube Downloader" = The Free YouTube Downloader
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Wincore MediaBar" = Wincore MediaBar
"WolfLite Cracked Version 1.00" = WolfLite Cracked Version 1.00
"WolfTeam International_is1" = WolfTeam International
"WolfTeam-DE" = WolfTeam-DE

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d5af3680496b13bd" = CustomStuff
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 30.01.2012 18:47:40 | Computer Name = martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8080.16413,
Zeitstempel: 0x4d4ceeab Name des fehlerhaften Moduls: guard32.dll, Version: 5.9.23139.2195,
Zeitstempel: 0x4eef85d3 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001d1a0 ID des fehlerhaften
Prozesses: 0x50b8 Startzeit der fehlerhaften Anwendung: 0x01ccdfa1190de1d6 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\guard32.dll Berichtskennung: 697cdaa0-4b94-11e1-882c-00a0d1a888fe

Error - 31.01.2012 12:00:03 | Computer Name = martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8080.16413,
Zeitstempel: 0x4d4ceeab Name des fehlerhaften Moduls: guard32.dll, Version: 5.9.23139.2195,
Zeitstempel: 0x4eef85d3 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001d1bf ID des fehlerhaften
Prozesses: 0x3e24 Startzeit der fehlerhaften Anwendung: 0x01cce0315a4b1d8a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\guard32.dll Berichtskennung: a21aea2f-4c24-11e1-bb26-00a0d1a888fe

Error - 31.01.2012 12:00:08 | Computer Name = martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8080.16413,
Zeitstempel: 0x4d4ceeab Name des fehlerhaften Moduls: guard32.dll, Version: 5.9.23139.2195,
Zeitstempel: 0x4eef85d3 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001d1be ID des fehlerhaften
Prozesses: 0x38c4 Startzeit der fehlerhaften Anwendung: 0x01cce03159f470c5 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\guard32.dll Berichtskennung: a521088e-4c24-11e1-bb26-00a0d1a888fe

Error - 31.01.2012 12:01:30 | Computer Name = martin-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8080.16413 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 3de4 Startzeit: 01cce03182649103 Endzeit: 23 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: d3e1c973-4c24-11e1-bb26-00a0d1a888fe

Error - 31.01.2012 12:01:40 | Computer Name = martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8080.16413,
Zeitstempel: 0x4d4ceeab Name des fehlerhaften Moduls: guard32.dll, Version: 5.9.23139.2195,
Zeitstempel: 0x4eef85d3 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001d1bf ID des fehlerhaften
Prozesses: 0x42d0 Startzeit der fehlerhaften Anwendung: 0x01cce03198f31ff3 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\guard32.dll Berichtskennung: dc5c9bfc-4c24-11e1-bb26-00a0d1a888fe

Error - 31.01.2012 12:01:42 | Computer Name = martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8080.16413,
Zeitstempel: 0x4d4ceeab Name des fehlerhaften Moduls: guard32.dll, Version: 5.9.23139.2195,
Zeitstempel: 0x4eef85d3 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001d1bf ID des fehlerhaften
Prozesses: 0x428c Startzeit der fehlerhaften Anwendung: 0x01cce03198c72d7b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\guard32.dll Berichtskennung: dd2ff2e1-4c24-11e1-bb26-00a0d1a888fe

Error - 31.01.2012 14:53:04 | Computer Name = martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8080.16413,
Zeitstempel: 0x4d4ceeab Name des fehlerhaften Moduls: guard32.dll, Version: 5.9.23139.2195,
Zeitstempel: 0x4eef85d3 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001d1bf ID des fehlerhaften
Prozesses: 0x6268 Startzeit der fehlerhaften Anwendung: 0x01cce04981069b63 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\guard32.dll Berichtskennung: cdd4e035-4c3c-11e1-bb26-00a0d1a888fe

Error - 31.01.2012 17:27:34 | Computer Name = martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8080.16413,
Zeitstempel: 0x4d4ceeab Name des fehlerhaften Moduls: guard32.dll, Version: 5.9.23139.2195,
Zeitstempel: 0x4eef85d3 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001d1be ID des fehlerhaften
Prozesses: 0x5588 Startzeit der fehlerhaften Anwendung: 0x01cce05f1c858115 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\guard32.dll Berichtskennung: 6384b810-4c52-11e1-bb26-00a0d1a888fe

Error - 31.01.2012 17:27:37 | Computer Name = martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8080.16413,
Zeitstempel: 0x4d4ceeab Name des fehlerhaften Moduls: guard32.dll, Version: 5.9.23139.2195,
Zeitstempel: 0x4eef85d3 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001d1be ID des fehlerhaften
Prozesses: 0x4b08 Startzeit der fehlerhaften Anwendung: 0x01cce05f1c5d10ed Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\guard32.dll Berichtskennung: 64f3418e-4c52-11e1-bb26-00a0d1a888fe

Error - 31.01.2012 21:35:30 | Computer Name = martin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\martin\Downloads\SoftonicDownloader_fuer_pocket-killbox.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ System Events ]
Error - 01.02.2012 04:32:47 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2012 04:32:47 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2012 04:32:47 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2012 04:32:47 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2012 04:32:47 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2012 04:32:48 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2012 04:32:48 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2012 04:32:48 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2012 04:32:54 | Computer Name = martin-PC | Source = DCOM | ID = 10005
Description =

Error - 01.02.2012 04:38:03 | Computer Name = martin-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "TicnoSearch" wurde nicht richtig gestartet.

< End of report >

01.02.2012, 12:02

Swisstreasure

Moderator

Beiträge: 5694

#4 Das sieht nach Backdor Bot aus:

Zitat

PRC - [2012.01.31 22:19:06 | 000,326,656 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Microsoft\csrss.exe

Scanne noch mit GMER danach folgenden Schritt:

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1