Home » Viren, Trojaner & Malware Forum » Bundesamt für sicherheit in der Informtionstechnik = virus =( » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1

Antworten

Bundesamt für sicherheit in der Informtionstechnik = virus =(

30.07.2012, 22:59

sergy

...neu hier

Beiträge: 7

#1 hab den virus seid ein paar stunden, erst voreiner woche war ein ähnlicher virus drauf gewesen,den ich scheinbar losgeworden war indem ich vom abgesicherten modus aus eine systemwiederherstellung gemacht hab. doch wenn ich nun in den abgesicherten modus gehe, bekomme ich wieder die meldung das der pc gesperrt ist und ich geld per ukash überweisen soll.

ich werde diese seite echt nicht los, es geht nichts mehr. deshalb schreibe ich von einem anderen pc aus.ich hab mir schon andere fälle durchgelesen und hab den eindruck, als könnten andere noch irgendwas an ihrem pc machen trotz des viruses, bei mir geht wirklich gar nichts mehr ... nun gut, bin auch keine große Pc Kennerin.

kann mir jemand helfen? meine größte soege ist das ich meine ganzen datein vom studium verliehre und die ganzen pics von meinen kindern.bin echt am verzweifeln ...

lg sergy

30.07.2012, 23:22

Swisstreasure

Moderator

Beiträge: 5694

#2 Herzlich Willkommen auf dem Protecus Forum

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
• Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
• Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
• Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Unbootbares System mit OTLPE Network scannen

• Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop.

Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
• Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
• Lege eine leere CD in Deinen Brenner.
• ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
• Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
• Du kannst nun die Fenster des Brennprogramms schließen.

• Starte das unbootbare System neu und boote von der CD, die Du gerade erstellt hast.
Anmerkung: Wenn Du nicht weißt, wie Du Deinen Computer dazu bringst, von CD zu booten, dann folge diesen Schritten hier.
• Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
• Mache einen Doppelklick auf das OTLPE Icon.
• Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
• OTLpe sollte nun starten.

• Drücke Run Scan, um den Scan zu starten.
• Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt gesichert und mit Notepad++ geöffnet.
• Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
• Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt in diesen Thread.

Falls Du kein Brennprogramm hast:

ISOBurner
Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen.
Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Instructions.

30.07.2012, 23:47

sergy

...neu hier

Themenstarter

Beiträge: 7

#3 danke für die schnelle rückmeldung

ich mach mich dann mal ans werk!
*umarm*

EDIT
bin schon "gescheitert" muss erst mal cds besorgen -.-

Dieser Beitrag wurde am 31.07.2012 um 00:29 Uhr von sergy editiert.

31.07.2012, 11:53

Swisstreasure

Moderator

Beiträge: 5694

#4 Es geht auch mit USB Stick:

Erstellen wir einen bootbaren USB Stick für OTLPE

Wichtig:
Der USB Stick muss mindestens 512 MB oder mehr haben. Sichere gegebenfalls alle Dateien von dem USB Stick, diese werden nach den folgenden Schritten nicht mehr vorhanden sein.

• • Downloade dir OTLPEstd.exe und speichere die Datei auf dem Desktop.
• Solltest Du kein 7-zip oder Winrar auf deinem System haben, lade dir 7-zip herunter und installiere es.
• Nach der Installation von 7-zip, extrahiere OTLPEstd mit einem Rechtsklick auf OTLPE.iso und wähle Entpacken nach "OTLPEstd\".

Nun öffne bitte den Ordner OTLPEStd und mache einen Rechtklick auf die OTLPE_New_Std.iso und wähle in 7zip Dateien entpacken

Entpacke die Dateien in einen Ordner ( OTLPE ) auf dem Desktop. Nehme bitte ebenfalls die Einstellung wie im Bild vor.

Downloade dir eeepcfr.zip und entpacke die Datei nach Systemroot (meistens C:\).
• Leere den USB Stick auf den Du OTLPE erstellen willst.
• Navigiere nach C:\eeecpfr und starte usb_prep8.cmd.
• Drücke im DOS Fenster eine beliebige Taste.
• Gehe nun sicher das der richtige Laufwerksbuchstabe deines USB Sticks ganz oben steht.
Für Drive Label: gib ein OTLPE.
Unter Source Path to built BartPE/WinPE Files klicke ... und wähle den vorher erstellten OTLPE Ordner .
Setze ein Häckchen bei Enable File Copy.
• Klicke Start, akzeptiere die Nutzungsbestimmungen.
Nun kannst Du mit dem USB Stick dein System starten!

Nun boote von mit der OTLPE USB Stick.
Hinweis: Wie boote ich von CD (einfach statt ner CD USB Device auswählen)

• Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
• Mache einen Doppelklick auf das OTLPE Icon.
• Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.• OTLpe sollte nun starten.
• Drücke [COLOR=Blue]Run Scan[/COLOR], um den Scan zu starten.
• Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
• Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
• Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

31.07.2012, 21:03

sergy

...neu hier

Themenstarter

Beiträge: 7

#5 hallo,
leider hab ich das mit dem usb stick erst jetzt gelesen. (die cd ist fertig)
ein anderes Prolem ist das ich schon an den fühsten arbeitsschritten scheiter. ich finde die funktion nicht,mit der ich die cd booten kann.
deshalb hab ich paar fotos von dem destop gemacht. hab auch schon alle F Knöpfe (also F1-12) ausprobiert. über F2 komme ich in das menü das ich fotografiert habe. mein laptop ist ein Lenovo mit win7 wenn das eine rolle spielen sollte...
wenn ich die 3 möglichkeiten auf bild 1 unter BOOT entere, ladet der laptop wie sonst immer hoch (nur das ich dann zwischen normal, abgesichertem Modus und zwei anderen möglichkeiten wählen kann).

ich hoffe du weist was ich meine und das ich es gut genug beschriben konnte...

liebe grüße sergy

EDIT

hab durch weiteres rumprobieren es geschafft wieder per systemwiederherstellung den computer bedienungsfähig zu machen ^^ und ich glaub mein alter laptop (feiert seinen 10 jährigen) kann keine cds mehr brennen, nach dem er 4 rohlinge geschrottet hat ist die 5te unbeschreien, obwohl er mirgeschrieben hatte das der brennvorgang abgeschlossen sei o.O

ich lasse jetzt den scan von OTL durchlaufen, das ergebnissdavon werde ich dann posten... mein herz liegt echt auf eis XD

Anhang: destop1-3.JPG

Dieser Beitrag wurde am 31.07.2012 um 21:29 Uhr von sergy editiert.

31.07.2012, 23:47

sergy

...neu hier

Themenstarter

Beiträge: 7

#6 Hallo mal wieder

hier das Ergebniss von OTL (Hab nur einen Anhang gefunden)

OTL logfile created on: 31.07.2012 23:27:05 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Juni\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,95 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,61% Memory free
15,89 Gb Paging File | 13,46 Gb Available in Paging File | 84,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 481,37 Gb Free Space | 73,53% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,58 Gb Free Space | 91,68% Space Free | Partition Type: NTFS

Computer Name: JUNI-PC | User Name: Juni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.07.31 23:26:54 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Juni\Downloads\OTL.exe
PRC - [2012.07.19 14:59:58 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Juni\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.15 19:18:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.08 22:20:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:20:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.16 19:28:34 | 000,782,744 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.01.19 13:30:04 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () -- C:\Users\Juni\AppData\LocalLow\WOT\IE\WOTUpdater.exe
PRC - [2011.11.17 20:29:26 | 000,901,800 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.11.04 09:19:02 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.15 13:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.19 05:20:00 | 006,871,952 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2011.01.19 05:20:00 | 002,078,096 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [1999.07.26 12:37:26 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.07.19 14:59:57 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.19 11:34:45 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4621632eccd0b813535a27e737a8a03\IAStorUtil.ni.dll
MOD - [2012.06.19 03:37:39 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.19 03:37:32 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.13 14:39:56 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9c5c9e0b5972a39696939f7009df4a08\IAStorCommon.ni.dll
MOD - [2012.05.13 03:41:56 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.13 03:41:11 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.13 03:41:07 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 03:41:03 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 03:41:03 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 03:40:54 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.08 17:47:51 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.12.23 22:31:02 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.04 09:19:02 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011.11.04 00:23:46 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.20 05:08:20 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp331.ax
MOD - [1999.09.06 17:33:40 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 3.0 SE\u32sn.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2011.03.25 04:53:28 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.19 14:59:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 22:20:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 22:20:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.16 19:28:34 | 000,782,744 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.12 16:26:14 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Juni\AppData\LocalLow\WOT\IE\WOTUpdater.exe -- (WOTUpdater)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.01.19 05:20:00 | 002,078,096 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 22:20:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:20:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.12 16:13:25 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.11.04 09:28:09 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011.11.04 09:28:08 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.11.04 09:25:35 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.11.04 09:25:35 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011.11.04 00:35:10 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.04 00:35:10 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.15 05:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.26 00:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.25 07:34:40 | 008,284,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.25 04:17:36 | 000,296,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.02.14 06:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.08.16 11:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={904BAE00-8F3B-48D3-826D-A80D18604645}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110819&tt=3112_2&babsrc=HP_ss&mntrId=22e7cfaa00000000000074de2baa7c1a
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=3112_2&babsrc=SP_ss&mntrId=22e7cfaa00000000000074de2baa7c1a
IE - HKCU\..\SearchScopes\{23E943AC-7410-4768-A791-D1168FD26424}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{4715CD88-6398-4AF7-9F0B-19C7A5214ACA}: "URL" = http://start.funmoods.com/results.php?f=4&a=drive&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_deDE463
IE - HKCU\..\SearchScopes\{C74F9487-0870-4336-8786-45765EA24B30}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=249888C0-CACC-4D2F-8836-D0AA10A530EF&apn_sauid=AB950AB3-DD73-452E-A3CF-73BD6CED1DFC&
IE - HKCU\..\SearchScopes\{D7CBEB18-B89B-4F4E-BA36-BD4B784918E5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=5&q={searchTerms}&barid={904BAE00-8F3B-48D3-826D-A80D18604645}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110819&tt=3112_2&babsrc=HP_ss&mntrId=22e7cfaa00000000000074de2baa7c1a"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.03.12 16:02:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.08 01:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.31 21:46:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 22:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.31 22:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 22:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.31 22:08:41 | 000,000,000 | ---D | M]

[2011.12.23 22:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juni\AppData\Roaming\mozilla\Extensions
[2012.07.31 22:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions
[2012.06.28 00:55:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.02.04 21:13:06 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.04.24 23:53:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.30 20:15:18 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.02.08 23:21:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\ffxtlbr@babylon.com
[2012.01.30 20:15:18 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\ffxtlbr@funmoods.com
[2012.07.31 22:53:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\plugin@yontoo.com
[2012.03.06 17:13:04 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\toolbar@ask.com
[2012.01.30 20:29:45 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Juni\AppData\Roaming\mozilla\Firefox\Profiles\asrsx8uc.default\extensions\wotstats@mywot.com
[2011.11.17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Juni\AppData\Roaming\Mozilla\Firefox\Profiles\asrsx8uc.default\searchplugins\askcom.xml
[2012.04.24 21:31:10 | 000,000,931 | ---- | M] () -- C:\Users\Juni\AppData\Roaming\Mozilla\Firefox\Profiles\asrsx8uc.default\searchplugins\conduit.xml
[2012.05.31 20:47:33 | 000,001,799 | ---- | M] () -- C:\Users\Juni\AppData\Roaming\Mozilla\Firefox\Profiles\asrsx8uc.default\searchplugins\funmoods.xml
[2012.02.07 03:52:45 | 000,004,030 | ---- | M] () -- C:\Users\Juni\AppData\Roaming\Mozilla\Firefox\Profiles\asrsx8uc.default\searchplugins\SweetIM Search.xml
[2012.06.13 22:59:16 | 000,003,983 | ---- | M] () -- C:\Users\Juni\AppData\Roaming\Mozilla\Firefox\Profiles\asrsx8uc.default\searchplugins\sweetim.xml
[2012.02.04 16:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.02 23:43:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.04 21:12:48 | 000,162,686 | ---- | M] () (No name found) -- C:\USERS\JUNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASRSX8UC.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.02.08 23:21:52 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\JUNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASRSX8UC.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI
[2012.02.08 23:21:52 | 000,011,148 | ---- | M] () (No name found) -- C:\USERS\JUNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASRSX8UC.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI
[2012.07.19 14:59:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.15 19:18:12 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.25 21:01:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.31 22:53:49 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.25 21:01:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 21:01:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 21:01:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 21:01:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 21:01:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={904BAE00-8F3B-48D3-826D-A80D18604645}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/?affID=110819&tt=3112_2&babsrc=HP_ss&mntrId=22e7cfaa00000000000074de2baa7c1a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkoadeoehimjeflihaofcfpbngen\7.13.2.19415_0\background/registryAccess.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkoadeoehimjeflihaofcfpbngen\7.13.2.19415_0\
CHR - Extension: PriceGong = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0\
CHR - Extension: Funmoods = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
CHR - Extension: Funmoods = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
CHR - Extension: DealPly = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Mehr Leistung und Videoformate fr dein HTML5 video = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: WOT = C:\Users\Juni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb\2.11.7_0\

O1 HOSTS File: ([2012.02.03 23:31:07 | 000,004,411 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 127.0.0.1 practivate.adobe.de
O1 - Hosts: 89 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>

- {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (WOT) - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Users\Juni\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Juni\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Driver Updater] C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe (MEDIA FOG LTD)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Juni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
O4 - Startup: C:\Users\Juni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Juni\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Juni\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FD1D6F3-8695-4FA2-9002-AB19BE92E290}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A86E12D6-5B9E-4BD6-B78F-EA8AD4DF0426}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.07.31 23:00:13 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\Malwarebytes
[2012.07.31 22:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 22:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 22:59:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.31 22:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.31 22:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownloadManager
[2012.07.31 22:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.07.31 22:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.31 22:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.07.31 22:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.07.31 21:49:43 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{11BF0124-382D-49B7-8DA2-3B9883530367}
[2012.07.31 21:49:31 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{333BE4B3-9650-4B85-85A7-9997EDFF0471}
[2012.07.31 21:38:17 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{EAD0AB91-2DCD-45B8-B754-9FE035248356}
[2012.07.31 21:35:09 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{7A242F2F-066D-4583-9D17-BDF5987DC53C}
[2012.07.31 21:19:49 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{A2CC9D73-457D-4964-BEE9-E95B14F5322F}
[2012.07.30 20:11:10 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\Roaming
[2012.07.30 13:44:47 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{2B4FC150-5301-45C3-9D68-D4031F9F7296}
[2012.07.30 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{1D7D7F64-4EEF-4E39-9E0F-5835A4AF4F1E}
[2012.07.30 10:04:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2012.07.30 10:04:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2012.07.30 10:04:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2012.07.30 00:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012.07.30 00:00:11 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{CEA294BA-421E-40B3-9117-405365FECCDA}
[2012.07.30 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{C82EBA57-B749-4FFE-8210-7AEBFBB1DDBD}
[2012.07.29 11:59:33 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{138387E9-40A9-49DA-88E2-8DF94AAF1462}
[2012.07.29 11:59:23 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{39C83D6E-067F-4FDD-8A88-E0E4600D76A0}
[2012.07.28 11:45:35 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{8D409098-4BCD-47FD-BE07-015C2FF8D9E8}
[2012.07.27 13:14:18 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{58DBB789-3766-461E-8E02-F4ABBE8C6069}
[2012.07.24 22:41:11 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{3B881EEC-C11C-4AE6-B22B-3E9D2BCA943C}
[2012.07.24 22:40:59 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{3CA4D327-D0FD-4057-A809-DDD95A70CDF7}
[2012.07.24 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{8A3EF7A1-F1E0-4F29-BC3E-3613ACD883B9}
[2012.07.24 10:37:37 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{84A2705B-A96A-473A-9D96-6FB9755B5D8F}
[2012.07.23 20:15:15 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{7DEAC43E-9ABD-4EF1-BF1C-C9F1AAA828E1}
[2012.07.23 13:21:54 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\BabylonToolbar
[2012.07.23 13:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.07.23 13:21:41 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\Babylon
[2012.07.23 13:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.23 13:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.07.23 12:22:50 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{82BD1D44-DB75-4F77-8FB1-CA5E8FBA0661}
[2012.07.23 12:22:40 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{B0710470-1E5E-47CA-B90F-4F9EF3E66952}
[2012.07.23 11:02:39 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\YourFileDownloader
[2012.07.23 00:22:15 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{B5024A8B-5943-4662-A378-5E3890C7984A}
[2012.07.22 12:21:51 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{C7DA8C1B-0450-4F71-A36B-5723C88687E3}
[2012.07.22 12:21:41 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{A637ED06-B546-488A-A705-BB9185AD7520}
[2012.07.22 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\13001.028
[2012.07.22 03:18:32 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\xmldm
[2012.07.22 03:18:30 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\kock
[2012.07.21 17:27:03 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{38433B51-EF6B-4A3B-A5F5-3AACBE8924A9}
[2012.07.21 17:26:51 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{E44F0734-A9CB-447A-ADB7-67DCD5A58A92}
[2012.07.21 11:23:21 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{F478DE9B-54FB-4A1F-9909-E6E7EE8D3860}
[2012.07.21 11:23:10 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{5A7C2A38-77F6-4AC7-979B-0E7DEB667AEE}
[2012.07.21 07:51:41 | 000,000,000 | ---D | C] -- C:\windows\WindowsMobile
[2012.07.21 07:47:24 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\GoPal Assistant
[2012.07.21 07:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion GoPal Assistant
[2012.07.21 07:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medion GoPal Assistant
[2012.07.20 23:46:08 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSJet35.dll
[2012.07.20 23:46:08 | 000,604,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMCTL32.OCX
[2012.07.20 23:46:08 | 000,403,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRepl35.dll
[2012.07.20 23:46:08 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSRD2x35.dll
[2012.07.20 23:46:08 | 000,202,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DBLIST32.OCX
[2012.07.20 23:46:08 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\windows\SysWow64\THREED32.OCX
[2012.07.20 23:46:08 | 000,191,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TABCTL32.OCX
[2012.07.20 23:46:08 | 000,154,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMCT232.OCX
[2012.07.20 23:46:08 | 000,128,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMDLG32.OCX
[2012.07.20 23:46:08 | 000,078,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VB5DB.dll
[2012.07.20 23:46:08 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ODBCTL32.dll
[2012.07.20 23:46:08 | 000,075,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PICCLP32.OCX
[2012.07.20 23:46:08 | 000,063,488 | ---- | C] (MicroHelp, Inc.) -- C:\windows\SysWow64\GAUGE32.OCX
[2012.07.20 23:46:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFC40Loc.dll
[2012.07.20 23:46:08 | 000,045,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSJInt35.dll
[2012.07.20 23:46:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DBLstDE.dll
[2012.07.20 23:46:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CmDlgDE.dll
[2012.07.20 23:46:08 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSJtEr35.dll
[2012.07.20 23:46:08 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CmCt2DE.dll
[2012.07.20 23:46:08 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TabCtDE.dll
[2012.07.20 23:46:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PcClpDE.dll
[2012.07.20 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vorweis
[2012.07.20 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start
[2012.07.20 23:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start
[2012.07.20 23:22:45 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{2A0DBA32-7A9A-48E9-A06E-DE4CA66D5D92}
[2012.07.20 23:22:34 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{2C3493B8-E7B6-4AA6-9015-188594287383}
[2012.07.20 11:22:05 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{3AE31C60-9483-4946-9BEB-00B96E55A551}
[2012.07.20 11:21:24 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{1E2929F7-CF95-4275-8242-6A75AE1A598E}
[2012.07.19 14:59:12 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{A08BDFF2-470B-4A46-B14E-42A12AAD3D5D}
[2012.07.19 14:59:01 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{672CF659-061B-406B-9734-25573F0E8826}
[2012.07.18 23:52:07 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012.07.18 13:33:47 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{21B901BD-28C9-47CB-8D28-26A8457E01AA}
[2012.07.18 13:33:36 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{3B42B055-910A-4E0E-ACC0-18DE79CB18C7}
[2012.07.18 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{0C614329-94CC-4CA7-B4ED-2F3167E6F0EC}
[2012.07.18 10:05:22 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{7199BDE7-4B76-49CC-A027-2260C7385B2E}
[2012.07.17 20:19:31 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{3953AA61-918A-4A06-B7E6-E29DC3033A75}
[2012.07.17 20:19:21 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{981E9168-8430-4F7D-B48F-45673F72BA35}
[2012.07.16 12:12:37 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{FE5F3AAB-EE8D-45FF-83F8-A45CE3B64526}
[2012.07.16 03:34:00 | 000,000,000 | -H-D | C] -- C:\Users\Juni\AppData\Roaming\RPPrivate
[2012.07.16 00:12:13 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{50EE177D-7F78-46DA-8ADE-805731C563F3}
[2012.07.16 00:12:03 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{09ED043A-D3D6-4714-944B-9033ACE65947}
[2012.07.15 12:11:34 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{F2368EAB-9A49-4821-9482-2D430AA1177C}
[2012.07.15 12:11:24 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{2821A45D-F4F9-4228-98E7-A084801C2A59}
[2012.07.14 23:42:47 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{5C0272DC-6481-4E30-8B77-A7C90A377A86}
[2012.07.14 11:42:09 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{2BB185EB-C0EE-4446-AA8E-A52B8ADD6543}
[2012.07.14 11:41:37 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{C0BBD38D-F9F8-4687-A10E-D956537E7353}
[2012.07.13 14:41:26 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{A0FD5B75-FA73-496B-B361-0C4A0AEA3C2B}
[2012.07.12 20:54:40 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{AC4C5CAB-701D-4789-842B-A58E8A800222}
[2012.07.12 20:52:03 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{13A4C3E0-D07F-45EE-8B09-DB6961CE6C61}
[2012.07.12 11:34:43 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{A6D0A5A6-DFD7-4356-99C0-1ADDC3138CBE}
[2012.07.12 11:19:42 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{D7AA25B2-9022-4D9C-BC47-B2AA1C79785A}
[2012.07.12 10:30:13 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{2A3E6A64-932C-4B3E-9848-50D7F1738DB8}
[2012.07.11 22:25:04 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{00096CCF-7EE1-4814-97B4-55F042D920F5}
[2012.07.11 22:24:54 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{F2A4BA30-7394-4D4C-A568-59DEAFE865DE}
[2012.07.11 10:24:26 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{20D4E91F-D36C-4D0E-9B9B-CE4214BA360C}
[2012.07.11 10:24:13 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{14679E78-4490-4933-8F92-44CB5E4B8C25}
[2012.07.11 06:11:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.07.11 06:11:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.07.11 06:11:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.07.11 06:11:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.07.11 06:11:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.07.11 06:11:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.07.11 06:11:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.07.11 06:11:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.07.11 06:11:36 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.07.11 06:11:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.07.11 06:11:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.07.11 06:11:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.07.11 06:11:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.07.11 05:15:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012.07.11 05:15:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012.07.11 05:15:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.07.11 05:15:04 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012.07.11 05:15:04 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012.07.10 21:44:07 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{77A1518D-F6D5-4AFC-B13C-2475F8334142}
[2012.07.10 21:43:57 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{58886C51-E0A2-4371-9AC6-4222D0DAEF72}
[2012.07.10 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\Nitro PDF
[2012.07.10 10:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012.07.10 10:09:54 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Roaming\Downloaded Installations
[2012.07.10 09:43:31 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{6F0F9D91-D393-408E-B907-2D79D10962FD}
[2012.07.10 03:00:29 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.09 20:36:30 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{E173C25D-78BB-46BC-A8BD-C5FC4F83FDAC}
[2012.07.09 20:35:49 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{80D21E2C-83DF-4B65-942E-66A1FF34A5ED}
[2012.07.09 16:17:36 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{F9384188-99AC-4345-AB8B-A55EBD45F150}
[2012.07.09 13:50:16 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{C095934A-F078-4DA9-BFE0-3B9BCAC3BBE7}
[2012.07.09 11:00:00 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{418DEF7A-987E-494E-9F6E-CE855D635C04}
[2012.07.08 21:56:34 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{D456D444-A9EA-4380-B9EC-ED0F8E9E17B5}
[2012.07.08 09:56:10 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{3C02EFF7-7D1E-448E-A28A-C8F2BFDB5B49}
[2012.07.08 09:56:00 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{EE8F27C2-7FE5-4757-A2EA-D9D27E75BABD}
[2012.07.07 14:13:17 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{E0B99C3D-B470-408A-BFBE-58207EABAAF8}
[2012.07.07 14:13:06 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{04CAEE05-F8CE-4347-95C4-8AA1D5E15E7B}
[2012.07.07 00:29:19 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{2CDED14A-0808-463A-98A1-AD674C97AC67}
[2012.07.07 00:29:07 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{4805C897-DA65-4716-9D71-5B5F8E25DBF6}
[2012.07.07 00:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ljfobkmunlhsliu
[2012.07.06 13:46:45 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{42881D4B-DFB8-4617-8CC3-8A3A719BC4C7}
[2012.07.06 12:59:44 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{C8CCE40D-E1C3-47B4-B694-0D4D6A9C96D6}
[2012.07.06 11:25:02 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{83254A0D-75E7-4665-9215-ABBA946F067C}
[2012.07.05 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{8F9794EC-1DA3-4A25-9B15-6BA4EFA56608}
[2012.07.05 22:29:51 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{EE28016C-2E83-4D16-B10B-2587D9A9F29D}
[2012.07.05 10:29:24 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{361D4620-9A5E-48B0-82FA-6CB6677CF143}
[2012.07.05 10:29:13 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{523F31FB-A387-42D2-9002-5AA1769DD6D1}
[2012.07.04 22:28:47 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{F078361D-52A8-4922-9AC5-4F844C405D99}
[2012.07.04 22:28:36 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{6D770FBE-AE11-45EC-9CE6-8ADF3D86F7D4}
[2012.07.04 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{5F4090F4-CEB6-4504-8209-8130E3CCF5BA}
[2012.07.04 10:27:07 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{89D5D2AE-1C16-4736-A136-5D3A0AE2B558}
[2012.07.03 17:15:41 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{C3BB497B-6561-4FA1-8427-2D3A2C385117}
[2012.07.03 17:15:29 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{62C33668-C01F-4D51-8BA7-1018E21DDC45}
[2012.07.03 13:38:17 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{E7AE690B-F503-4699-9EDC-6B1C1A2EB887}
[2012.07.03 01:37:50 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{C1C30746-0064-4B19-B861-2A9FB7088716}
[2012.07.03 01:37:40 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{38D672E8-281C-474B-8492-FD95BDC9CC1A}
[2012.07.02 13:37:14 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{BA3C5A1A-2141-4E5F-945B-6EDF6EFA8685}
[2012.07.02 13:37:02 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{443E18B5-04A1-47E5-8DB2-52531EC24E25}
[2012.07.02 11:07:56 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\Diagnostics
[2012.07.02 01:36:37 | 000,000,000 | ---D | C] -- C:\Users\Juni\AppData\Local\{812752D4-AFDB-485E-84A3-D10EF2CE6F34}
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\Juni\AppData\Roaming\*.tmp files -> C:\Users\Juni\AppData\Roaming\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.07.31 23:38:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 23:24:54 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 23:24:54 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 23:23:44 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.31 23:23:44 | 000,654,844 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.31 23:23:44 | 000,616,686 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.31 23:23:44 | 000,130,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.31 23:23:44 | 000,106,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.31 23:18:08 | 000,255,755 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.07.31 23:17:28 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 23:17:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.31 23:17:07 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 23:16:09 | 000,000,020 | ---- | M] () -- C:\Users\Juni\defogger_reenable
[2012.07.31 23:15:08 | 000,050,477 | ---- | M] () -- C:\Users\Juni\Desktop\Defogger.exe
[2012.07.31 23:01:26 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.31 22:55:39 | 000,002,073 | ---- | M] () -- C:\Users\Juni\Desktop\JDownloader.lnk
[2012.07.31 22:54:29 | 000,000,879 | ---- | M] () -- C:\user.js
[2012.07.31 22:08:34 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.30 14:38:38 | 000,002,453 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2012.07.23 17:16:28 | 000,000,034 | ---- | M] () -- C:\Users\Juni\AppData\Roaming\blckdom.res
[2012.07.22 23:32:58 | 000,000,287 | ---- | M] () -- C:\Users\Juni\AppData\Local\VersionChecker_17.xml
[2012.07.20 23:46:19 | 000,000,077 | ---- | M] () -- C:\windows\twl.ini
[2012.07.20 18:53:15 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 18:07:59 | 000,000,446 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Juni.job
[2012.07.18 23:52:02 | 524,668,676 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.07.16 12:21:43 | 016,300,786 | ---- | M] () -- C:\Users\Juni\Desktop\PORTFOLIO BEWERBUNG.pdf
[2012.07.11 10:21:46 | 004,952,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.08 01:43:24 | 000,402,769 | ---- | M] () -- C:\Users\Juni\Desktop\Epochen und Stilgeschichte 18.pdf
[2012.07.07 00:05:16 | 000,000,051 | ---- | M] () -- C:\ProgramData\rzfvcoflzvtxxsi
[2012.07.04 01:13:03 | 000,015,430 | ---- | M] () -- C:\Users\Juni\Desktop\GestaltungslehreMappe1.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\Juni\AppData\Roaming\*.tmp files -> C:\Users\Juni\AppData\Roaming\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.07.31 23:16:09 | 000,000,020 | ---- | C] () -- C:\Users\Juni\defogger_reenable
[2012.07.31 23:15:08 | 000,050,477 | ---- | C] () -- C:\Users\Juni\Desktop\Defogger.exe
[2012.07.31 22:59:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.31 22:55:39 | 000,002,073 | ---- | C] () -- C:\Users\Juni\Desktop\JDownloader.lnk
[2012.07.31 22:55:29 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.07.31 22:55:29 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.07.31 22:55:29 | 000,001,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.07.31 22:08:34 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.30 10:04:02 | 000,002,453 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2012.07.22 03:18:43 | 000,000,034 | ---- | C] () -- C:\Users\Juni\AppData\Roaming\blckdom.res
[2012.07.21 07:51:49 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012.07.20 23:46:19 | 000,001,037 | ---- | C] () -- C:\Users\Juni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vorweis.LNK
[2012.07.20 23:46:19 | 000,000,077 | ---- | C] () -- C:\windows\twl.ini
[2012.07.20 18:53:15 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 18:53:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.18 23:52:02 | 524,668,676 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.07.16 11:47:15 | 016,300,786 | ---- | C] () -- C:\Users\Juni\Desktop\PORTFOLIO BEWERBUNG.pdf
[2012.07.08 12:19:48 | 000,290,927 | ---- | C] () -- C:\Users\Juni\Desktop\Epochen und Stilgeschichte II26.pdf
[2012.07.08 12:19:45 | 000,539,473 | ---- | C] () -- C:\Users\Juni\Desktop\Epochen und Stilgeschichte II.pdf
[2012.07.08 12:19:42 | 000,402,769 | ---- | C] () -- C:\Users\Juni\Desktop\Epochen und Stilgeschichte 18.pdf
[2012.07.07 00:05:12 | 000,000,051 | ---- | C] () -- C:\ProgramData\rzfvcoflzvtxxsi
[2012.07.04 01:13:01 | 000,015,430 | ---- | C] () -- C:\Users\Juni\Desktop\GestaltungslehreMappe1.pdf
[2012.04.28 16:24:20 | 000,000,287 | ---- | C] () -- C:\Users\Juni\AppData\Local\VersionChecker_17.xml
[2012.03.06 17:13:46 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2012.02.02 22:21:25 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.01.30 19:45:22 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2012.01.03 23:27:37 | 000,000,319 | ---- | C] () -- C:\windows\ULEAD32.INI
[2012.01.03 23:19:54 | 000,000,492 | ---- | C] () -- C:\windows\MAXLINK.INI
[2012.01.01 03:12:15 | 000,007,601 | ---- | C] () -- C:\Users\Juni\AppData\Local\Resmon.ResmonCfg
[2011.11.04 09:33:58 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011.11.04 09:33:58 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011.11.04 09:19:05 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011.11.04 09:19:05 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.11.04 09:19:05 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.11.04 09:19:05 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011.11.04 09:19:01 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.11.04 09:10:04 | 000,001,803 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2011.11.04 09:10:04 | 000,001,803 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2011.11.04 09:07:11 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.11.04 08:58:15 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.11.04 08:55:26 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.11.04 08:52:17 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.11.04 08:50:11 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.11.04 08:50:10 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.11.04 08:50:10 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

< End of report >

Was mach ich jetzt damit? Bereinigen, oder nicht?

Anhang: Extras.Txt

01.08.2012, 00:36

sergy

...neu hier

Themenstarter

Beiträge: 7

#7 hab im Anhang noch das Ergebnis von einem Malware suchdurchlauf (ca. 53 Funde, echt schockierend!! )=
und OTL scheint sich irgendwie samt gespeicherter Ergebnisse selbst zu löschen, das ist doch nicht normal, oder?
lg sergy

Anhang: mbam-log-2012-07-31 (23-21-23).txt

02.08.2012, 13:51

Swisstreasure

Moderator

Beiträge: 5694

Zitat

O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 127.0.0.1 practivate.adobe.de

Bedeutet?

02.08.2012, 20:33

sergy

...neu hier

Themenstarter

Beiträge: 7

#9 äh ... ich weiß das ein host für adobe Programme läuft (ich muss "host" erst bei Wikipedia nachschlagen XD Allerdings denke ich schon das es okay ist, hab die Programme von der Uni).
aber da bei allen adobe steht, wirds das wohl sein ^^

sonst alles clean?! kaum zu glauben ^^

Danke!!!!!

)))))))))))))))

Dieser Beitrag wurde am 02.08.2012 um 20:40 Uhr von sergy editiert.

02.08.2012, 23:54

Swisstreasure

Moderator

Beiträge: 5694

#10 Also es geht darum dass Du Adobe vermutlich illegal nutz.

03.08.2012, 00:13

sergy

...neu hier

Themenstarter

Beiträge: 7

#11 denke auch das es so ist. Von vielen Programmen die wir brauchen kann man Studentenversionen erwerben, bei Adobe Programmen ist das nicht der Fall. Ist auch komisch das viele Professoren davon ausgehen (es teils sogar vorraussetzen) das wir mit Adobe arbeiten, obwohl sie wissen das fast keiner das Geld hat es rechtlich zu erwerben. Bin sonst auch ungern illegal ^^

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1