
Topic: Hijack.log

  1. #1
    Beginner
    Registered since
    17.01.2011
    Posts
    19

    Hijack.log

    Hello, I ran the Hijack exe and received this log file. Could someone perhaps "translate" it for me?
    There were a few messages that I unfortunately can't make any sense of.
    Who can help?
    Many thanks!


    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:28:49, on 17.01.2011
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\HiYo\Bin\HiYo.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Mirko\Desktop\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?G=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\Langenscheidt T1 6_0\Engine\mte\StdAlone\T1IE.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MyWebSearch\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - (no file)
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - (no file)
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix: 
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1260583483871
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Brother Industries, Ltd. - (no file)
    O23 - Service: FileZilla Server - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcz_device -   - C:\Windows\system32\lxczcoms.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MyWebSearch\bar\1.bin\mwssvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    O23 - Service: WTGService - Unknown owner - C:\Program Files\Verbindungsassistent\WTGService.exe
    
    --
    End of file - 12619 bytes
    Edited by kira (17.01.2011 at 17:06)

  2. #2
    Moderator (global), team member kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.800

    Re: Hijack.log

    A warm welcome to our HijackThis support board!

    **Before you start on part 1 of the task: CLICK HERE AND READ CAREFULLY!**
    Cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible or you have to reinstall it.
    YOU FOLLOW THESE INSTRUCTIONS ON YOUR OWN RESPONSIBILITY!
    Please first read through the instructions calmly, and keep to the order given! Otherwise our work slows down if we keep having to look up small details again and again, and we may lose the overview as a result...


    ► In the first part of the 3-part procedure, we will examine your system for viruses and straight away use a special removal program for it:
    **Vista and Win7 users: please run all commands as administrator! Right-click the command prompt and choose "Run as administrator"

    1.
    ** During installation, make sure: please do not add the program to system startup!
    Download Malwarebytes Anti-Malware (approx. 2 MB) from one of these download mirrors:
    • Applicable to Windows 2000, XP, Vista and Windows 7.
    • Install the program to the default path.
    • Remember to start the program as admin on Vista; otherwise start it with a double-click.
    • Let it update online (Updates tab) if the program was already on the computer.
    • Enable "Perform full scan" => Scan.
    • Select all available drives and start the scan.
    • When the scan has finished, click "Show results".
    • For detections in C:\System Volume Information, remove the check mark.
      Otherwise this system restore point will no longer work.
      It might still be needed despite the malware.
    • Make sure that otherwise all detections are selected and press "Delete".
    • Post the log file, which opens in Notepad, here in the thread.
    • Afterwards you can find the report under "Scan reports".
    • Report how the computer is running now.
    Here you will find a detailed, illustrated guide

    2.
    First, please make the following settings: make system files and folders visible under XP, Vista and Win7
    At the end of our work, you can undo this again!

    3.
    post again:
    ► Trend Micro HijackThis log file - no open windows while HijackThis is running!!

    4.
    "Create a file list with HJTscanlist.bat"
    Download HJTscanlist.zip (item 6) (click the given link ► find item 6 ► follow the instructions), then post the resulting log file here.

    5.
    • Download CCleaner ► click on "Download from Piriform.com"
    • Read the software licence agreement; if offered ("Add CCleaner Yahoo! Toolbar" - deselect!) -> start -> if necessary, under Options settings -> set "german".
    • start -> click on `Extras` (to display the software installed on your system) -> then on `Als Textdatei speichern...` ("Save to text file...")
    • a text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)


    Please post all results in code tags!

    before your log you write (i.e. at the beginning of the log file):[code]
    your log file goes in here
    after it - i.e. at the end of the log file:[/code]
    Regards
    argos
    Warning!:
    Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
    Please pass this warning on wherever you can!

  3. #3
    Beginner
    Registered since
    17.01.2011
    Posts
    19

    Re: Hijack.log

    Code:
     Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    
    Datenbank Version: 5542
    
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    
    18.01.2011 00:15:52
    mbam-log-2011-01-18 (00-15-52).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|)
    Durchsuchte Objekte: 568658
    Laufzeit: 3 Stunde(n), 30 Minute(n), 49 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 3
    Infizierte Registrierungsschlüssel: 132
    Infizierte Registrierungswerte: 7
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 15
    Infizierte Dateien: 76
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Delete on reboot.
    
    Infizierte Registrierungsschlüssel:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    
    Infizierte Registrierungswerte:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
    
    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse:
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    
    Infizierte Dateien:
    c:\Program Files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\Users\Mirko\AppData\Roaming\desktopicon\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
    c:\Users\Mirko\downloads\setupcasino_9d9d26_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
    c:\Users\Mirko\downloads\Webfetti.exe (Adware.Iwon) -> Quarantined and deleted successfully.
    c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:28:07, on 18.01.2011
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\Program Files\HiYo\Bin\HiYo.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Mirko\Desktop\HijackThis.exe
    
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Brother Industries, Ltd. - (no file)
    O23 - Service: FileZilla Server - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcz_device -   - C:\Windows\system32\lxczcoms.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    O23 - Service: WTGService - Unknown owner - C:\Program Files\Verbindungsassistent\WTGService.exe
    
    --
    End of file - 3335 bytes

    I hope I did everything right

  4. #4
    Moderator (global), team member: kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German-Hungarian
    Posts
    29.800

    Re: Hijack.log

    Further steps are still missing, please complete them.
    Warning!:
    Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different locations!
    Please pass this warning on wherever you can!

  5. #5
    Beginner
    Registered since
    17.01.2011
    Posts
    19

    Re: Hijack.log

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.1.7600]
     
     
    C:
    
    C:\hiberfil.sys 
    C:\Program Files 
    C:\QUARANTINE 
    C:\Config.Msi 
    C:\temp 
    C:\Windows 
    C:\ProgramData 
    C:\Casino 
    C:\$DRVLTR$ 
    C:\Boot 
    C:\_AcroTemp 
    C:\Ares Tube 
    C:\bootsqm.dat 
    C:\win7ldr 
    C:\grldr 
    C:\BOOTSECT.BAK 
    C:\$bootdrive$ 
    C:\$lsdrive$ 
    C:\$WINDOWS.~LS 
    C:\System Volume Information 
    C:\Users 
    C:\Softwarenetz 
    C:\.Trash-1000 
    C:\Hydra 
    C:\Intel 
    C:\SchallbachRadolfzellamBodensee.bcr 
    C:\SchallbachRadolfzellamBodensee.rte 
    C:\mywebsite 
    C:\Adobe 
    C:\DVDVideoSoft 
    C:\7Loader.TAG 
    C:\grldr.bak 
    C:\xampp 
    C:\BM2005 
    C:\win7.ld 
    C:\Recovery 
    C:\PerfLogs 
    C:\$Recycle.Bin 
    C:\PCWELT 
    C:\Downloads 
    C:\inetpub 
    C:\$WINDOWS.~Q 
    C:\lxcz.log 
    C:\ASPI.LOG 
    C:\w7ldr 
    C:\tmp 
    C:\bootmgr 
    C:\MyWorks 
    C:\autoexec.bat 
    C:\config.sys 
    C:\rapport.txt 
    C:\RootkitNO 
    C:\Samsung 
    C:\fraglist.luar 
    C:\ctapi_out_gr.txt 
    C:\plap.txt 
    C:\fraglist.htm 
    C:\programs 
    C:\MyWorksPP_SLIDE.TMP 
    C:\IO.SYS 
    C:\MSDOS.SYS 
    C:\MSOCache 
    C:\setup.log 
    C:\RHDSetup.log 
    C:\Programme 
    C:\Dokumente und Einstellungen 
    ----------------------------------------
    
     
    C:\Windows
    
    C:\Windows\setupact.log 
    C:\Windows\bootstat.dat 
    C:\Windows\WindowsUpdate.log 
    C:\Windows\PFRO.log 
    C:\Windows\logboot_22.11.2010.tureg.log 
    C:\Windows\7Loader.TAG 
    C:\Windows\DirectX.log 
    C:\Windows\Irremote.ini 
    C:\Windows\setuperr.log 
    C:\Windows\snui.exe 
    C:\Windows\win.ini 
    C:\Windows\WinPlace.INI 
    C:\Windows\diagwrn.xml 
    C:\Windows\diagerr.xml 
    C:\Windows\Setup1.exe 
    C:\Windows\ST6UNST.EXE 
    C:\Windows\ULEAD32.INI 
    C:\Windows\_MSRSTRT.EXE 
    C:\Windows\wcpx_.dat 
    C:\Windows\installation.ini 
    C:\Windows\Lexstat.ini 
    C:\Windows\SurCode.INI 
    C:\Windows\ODBCINST.INI 
    C:\Windows\configt.cfg 
    C:\Windows\WinInit.Ini 
    C:\Windows\explorer.exe 
    C:\Windows\NetworkCfg.exe 
    C:\Windows\WindowsShell.Manifest 
    C:\Windows\twain_32.dll 
    C:\Windows\write.exe 
    C:\Windows\winhlp32.exe 
    C:\Windows\twunk_32.exe 
    C:\Windows\regedit.exe 
    C:\Windows\notepad.exe 
    C:\Windows\hh.exe 
    C:\Windows\HelpPane.exe 
    C:\Windows\fveupdate.exe 
    C:\Windows\bfsvc.exe 
    C:\Windows\mib.bin 
    C:\Windows\_default.pif 
    C:\Windows\winhelp.exe 
    C:\Windows\twunk_16.exe 
    C:\Windows\twain.dll 
    C:\Windows\WMSysPr9.prx 
    C:\Windows\msdfmap.ini 
    C:\Windows\Ultimate.xml 
    C:\Windows\Starter.xml 
    C:\Windows\winstart.bat 
    C:\Windows\Relax.ini 
    C:\Windows\netop.ini 
    C:\Windows\php.ini 
    C:\Windows\ODBC.INI 
    C:\Windows\my.ini 
    C:\Windows\RUN32TEST.DLL 
    C:\Windows\RUN327.DLL 
    C:\Windows\RUN326.DLL 
    C:\Windows\RUN325.DLL 
    C:\Windows\RUN324.DLL 
    C:\Windows\RUN323.DLL 
    C:\Windows\RUN322.DLL 
    C:\Windows\RUN321.DLL 
    C:\Windows\system.ini 
    C:\Windows\spoolsv.exe 
    C:\Windows\Publisher4.INI 
    C:\Windows\MegaManager.INI 
    C:\Windows\BRPP2KA.INI 
    C:\Windows\BRWMARK.INI 
    C:\Windows\nsreg.dat 
    C:\Windows\mozver.dat 
    C:\Windows\GREUninstall.exe 
    C:\Windows\Tetris Game Gold Uninstaller.exe 
    C:\Windows\WinPM.INI 
    C:\Windows\dwreng4.dat 
    C:\Windows\domsys.dmc 
    C:\Windows\ds2engm.dat 
    C:\Windows\catdws.dat 
    C:\Windows\ds2eng5.dat 
    C:\Windows\PROTOCOL.INI 
    C:\Windows\HotFixList.ini 
    C:\Windows\DIFxAPI.dll 
    C:\Windows\HideWin.exe 
    C:\Windows\AMCapIco.ico 
    C:\Windows\RtHDVCpl.exe 
    C:\Windows\RtlUpd.exe 
    C:\Windows\RtlExUpd.dll 
    C:\Windows\HotfixChecker.exe 
    C:\Windows\USetup.iss 
    C:\Windows\SMCM.exe 
    C:\Windows\ses80.ini 
    C:\Windows\brunin03.dll 
    C:\Windows\SMCM.dll 
    C:\Windows\ebm.reg 
    C:\Windows\German.ini 
    C:\Windows\Product.ico 
    C:\Windows\unvise32.exe 
    C:\Windows\uninstall.ico 
    C:\Windows\uninst.exe 
    C:\Windows\IsUn0407.exe 
    C:\Windows\IsUninst.exe 
    ----------------------------------------
    
     
    C:\Windows\System
    
    C:\Windows\System\OLESVR.DLL 
    C:\Windows\System\WFWNET.DRV 
    C:\Windows\System\COMMDLG.DLL 
    C:\Windows\System\TIMER.DRV 
    C:\Windows\System\MMSYSTEM.DLL 
    C:\Windows\System\mmtask.tsk 
    C:\Windows\System\mouse.drv 
    C:\Windows\System\vga.drv 
    C:\Windows\System\sound.drv 
    C:\Windows\System\keyboard.drv 
    C:\Windows\System\SHELL.DLL 
    C:\Windows\System\system.drv 
    C:\Windows\System\ver.dll 
    C:\Windows\System\olecli.dll 
    C:\Windows\System\lzexpand.dll 
    C:\Windows\System\stdole.tlb 
    C:\Windows\System\msvideo.dll 
    C:\Windows\System\mciwave.drv 
    C:\Windows\System\mciseq.drv 
    C:\Windows\System\mciavi.drv 
    C:\Windows\System\avifile.dll 
    C:\Windows\System\avicap.dll 
    ----------------------------------------
    
     
    C:\Windows\System32
    
    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
    C:\Windows\system32\Ikeext.etl 
    C:\Windows\system32\config 
    C:\Windows\system32\drivers 
    C:\Windows\system32\_WKERNEL.SYL 
    C:\Windows\system32\Tasks 
    C:\Windows\system32\catroot 
    C:\Windows\system32\MRT.exe 
    C:\Windows\system32\catroot2 
    C:\Windows\system32\perfh019.dat 
    C:\Windows\system32\perfc019.dat 
    C:\Windows\system32\perfh00A.dat 
    C:\Windows\system32\perfc00A.dat 
    C:\Windows\system32\perfh009.dat 
    C:\Windows\system32\perfc009.dat 
    C:\Windows\system32\perfh007.dat 
    C:\Windows\system32\perfc007.dat 
    C:\Windows\system32\PerfStringBackup.INI 
    C:\Windows\system32\DriverStore 
    C:\Windows\system32\NDF 
    C:\Windows\system32\DRVSTORE 
    C:\Windows\system32\en-US 
    C:\Windows\system32\ru-RU 
    C:\Windows\system32\Wat 
    C:\Windows\system32\winrm 
    C:\Windows\system32\migwiz 
    C:\Windows\system32\oobe 
    C:\Windows\system32\Boot 
    C:\Windows\system32\slmgr 
    C:\Windows\system32\sysprep 
    C:\Windows\system32\inetsrv 
    C:\Windows\system32\Setup 
    C:\Windows\system32\migration 
    C:\Windows\system32\XPSViewer 
    C:\Windows\system32\WCN 
    C:\Windows\system32\Dism 
    C:\Windows\system32\MUI 
    C:\Windows\system32\Printing_Admin_Scripts 
    C:\Windows\system32\ru 
    C:\Windows\system32\wbem 
    C:\Windows\system32\com 
    C:\Windows\system32\perfd019.dat 
    C:\Windows\system32\perfi019.dat 
    C:\Windows\system32\FNTCACHE.DAT 
    C:\Windows\system32\de-DE 
    C:\Windows\system32\es-ES 
    C:\Windows\system32\TURegOpt.exe 
    C:\Windows\system32\authuitu.dll 
    C:\Windows\system32\uxtuneup.dll 
    C:\Windows\system32\QuickTime.qts 
    C:\Windows\system32\QuickTimeVR.qtx 
    C:\Windows\system32\dpl100.dll 
    C:\Windows\system32\DivXControlPanelApplet.cpl 
    C:\Windows\system32\wininet.dll 
    C:\Windows\system32\urlmon.dll 
    C:\Windows\system32\mstime.dll 
    C:\Windows\system32\mshtmled.dll 
    C:\Windows\system32\mshtml.dll 
    C:\Windows\system32\msfeedsbs.dll 
    C:\Windows\system32\msfeeds.dll 
    C:\Windows\system32\licmgr10.dll 
    C:\Windows\system32\jsproxy.dll 
    C:\Windows\system32\ieui.dll 
    C:\Windows\system32\iertutil.dll 
    C:\Windows\system32\iepeers.dll 
    C:\Windows\system32\ieframe.dll 
    C:\Windows\system32\iedkcs32.dll 
    C:\Windows\system32\msfeedssync.exe 
    C:\Windows\system32\html.iec 
    C:\Windows\system32\mshtml.tlb 
    C:\Windows\system32\XpsRasterService.dll 
    C:\Windows\system32\XpsPrint.dll 
    C:\Windows\system32\XpsGdiConverter.dll 
    C:\Windows\system32\wmicmiplugin.dll 
    C:\Windows\system32\taskschd.dll 
    C:\Windows\system32\taskcomp.dll 
    C:\Windows\system32\schedsvc.dll 
    C:\Windows\system32\FntCache.dll 
    C:\Windows\system32\DWrite.dll 
    C:\Windows\system32\d3d10warp.dll 
    C:\Windows\system32\d3d10_1core.dll 
    C:\Windows\system32\d3d10_1.dll 
    C:\Windows\system32\d2d1.dll 
    C:\Windows\system32\taskeng.exe 
    C:\Windows\system32\schtasks.exe 
    C:\Windows\system32\cdd.dll 
    C:\Windows\system32\tzres.dll 
    C:\Windows\system32\atmlib.dll 
    C:\Windows\system32\win32k.sys 
    C:\Windows\system32\atmfd.dll 
    C:\Windows\system32\consent.exe 
    C:\Windows\system32\webio.dll 
    C:\Windows\system32\odbc32.dll 
    C:\Windows\system32\dns-sd.exe 
    C:\Windows\system32\dnssd.dll 
    C:\Windows\system32\sirenacm.dll 
    C:\Windows\system32\acaptuser32.dll 
    C:\Windows\system32\LIVESSP.DLL 
    C:\Windows\system32\wmp.dll 
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
    C:\Windows\Tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job 
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000UA.job 
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000Core.job 
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 
    C:\Windows\Tasks\SupBackGroundTask.job 
    C:\Windows\Tasks\SA.DAT 
    C:\Windows\Tasks\SCHEDLGU.TXT 
    ----------------------------------------
    
     
    C:\Windows\Temp
    
    ----------------------------------------
    
     
    C:\Users\Mirko\AppData\Local\Temp
    
    C:\Users\Mirko\AppData\Local\Temp\25743440.od
    C:\Users\Mirko\AppData\Local\Temp\CVRD050.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\plugtmp-1
    C:\Users\Mirko\AppData\Local\Temp\WPDNSE
    C:\Users\Mirko\AppData\Local\Temp\~DFC0D07567940F25DF.TMP
    C:\Users\Mirko\AppData\Local\Temp\plugtmp
    C:\Users\Mirko\AppData\Local\Temp\DF1C.tmp
    C:\Users\Mirko\AppData\Local\Temp\6F78.tmp
    C:\Users\Mirko\AppData\Local\Temp\424F.tmp
    C:\Users\Mirko\AppData\Local\Temp\MsgrTemp
    C:\Users\Mirko\AppData\Local\Temp\TFR99F9.tmp
    C:\Users\Mirko\AppData\Local\Temp\AE63F8.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSIf5b9e.LOG
    C:\Users\Mirko\AppData\Local\Temp\xpiDCD0.tmp
    C:\Users\Mirko\AppData\Local\Temp\xpiDC62.tmp
    C:\Users\Mirko\AppData\Local\Temp\ietDBB5.tmp
    C:\Users\Mirko\AppData\Local\Temp\xpiD938.tmp
    C:\Users\Mirko\AppData\Local\Temp\xpiD62B.tmp
    C:\Users\Mirko\AppData\Local\Temp\ietD58E.tmp.exe
    C:\Users\Mirko\AppData\Local\Temp\ietD58E.tmp
    C:\Users\Mirko\AppData\Local\Temp\uttABCF.tmp
    C:\Users\Mirko\AppData\Local\Temp\uttA636.tmp
    C:\Users\Mirko\AppData\Local\Temp\uttA637.tmp
    C:\Users\Mirko\AppData\Local\Temp\utt9D5F.tmp.old
    C:\Users\Mirko\AppData\Local\Temp\utt9D2F.tmp
    C:\Users\Mirko\AppData\Local\Temp\utt9D2F.tmp.old
    C:\Users\Mirko\AppData\Local\Temp\utt83D6.tmp.bat
    C:\Users\Mirko\AppData\Local\Temp\utt83D6.tmp
    C:\Users\Mirko\AppData\Local\Temp\utt6B95.tmp.bat
    C:\Users\Mirko\AppData\Local\Temp\utt6B95.tmp
    C:\Users\Mirko\AppData\Local\Temp\utt5605.tmp
    C:\Users\Mirko\AppData\Local\Temp\amt.log
    C:\Users\Mirko\AppData\Local\Temp\alm.log
    C:\Users\Mirko\AppData\Local\Temp\swtag.log
    C:\Users\Mirko\AppData\Local\Temp\AdobeARM.log
    C:\Users\Mirko\AppData\Local\Temp\~DF2CA35B8E9E2C3C58.TMP
    C:\Users\Mirko\AppData\Local\Temp\OIS
    C:\Users\Mirko\AppData\Local\Temp\OneNoteRuntimeCache
    C:\Users\Mirko\AppData\Local\Temp\15922023.od
    C:\Users\Mirko\AppData\Local\Temp\CVRF367.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\12428459.od
    C:\Users\Mirko\AppData\Local\Temp\CVRA4AB.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\TFR7F14.tmp
    C:\Users\Mirko\AppData\Local\Temp\{39AFA9F1-4B65-4A6C-AFAD-BD17A919D47B}
    C:\Users\Mirko\AppData\Local\Temp\{C60B61C0-10CD-4735-A26B-8B54283E3975}
    C:\Users\Mirko\AppData\Local\Temp\AE8AA5.tmp
    C:\Users\Mirko\AppData\Local\Temp\rtdrvmon.exe
    C:\Users\Mirko\AppData\Local\Temp\Acrobat Distiller 9
    C:\Users\Mirko\AppData\Local\Temp\Adobe
    C:\Users\Mirko\AppData\Local\Temp\TWAIN.LOG
    C:\Users\Mirko\AppData\Local\Temp\lxczscan.log
    C:\Users\Mirko\AppData\Local\Temp\Twain001.Mtx
    C:\Users\Mirko\AppData\Local\Temp\Twunk001.MTX
    C:\Users\Mirko\AppData\Local\Temp\Twunk002.MTX
    C:\Users\Mirko\AppData\Local\Temp\VBE
    C:\Users\Mirko\AppData\Local\Temp\198932.od
    C:\Users\Mirko\AppData\Local\Temp\CVR904.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\~D825.tmp
    C:\Users\Mirko\AppData\Local\Temp\~FE28.tmp
    C:\Users\Mirko\AppData\Local\Temp\CVR8F21.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\244158241.od
    C:\Users\Mirko\AppData\Local\Temp\ge4052
    C:\Users\Mirko\AppData\Local\Temp\geColladaModelCacheLock
    C:\Users\Mirko\AppData\Local\Temp\geIconCacheLock
    C:\Users\Mirko\AppData\Local\Temp\222199400.od
    C:\Users\Mirko\AppData\Local\Temp\CVR7E58.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\11201223-000010c4-2ai0if7xri
    C:\Users\Mirko\AppData\Local\Temp\91dihlh2.tmp
    C:\Users\Mirko\AppData\Local\Temp\BE7E.dir
    C:\Users\Mirko\AppData\Local\Temp\Cookies
    C:\Users\Mirko\AppData\Local\Temp\CR_19D7.tmp
    C:\Users\Mirko\AppData\Local\Temp\CR_3E73.tmp
    C:\Users\Mirko\AppData\Local\Temp\CR_4E3F.tmp
    C:\Users\Mirko\AppData\Local\Temp\CR_C9E4.tmp
    C:\Users\Mirko\AppData\Local\Temp\cxSetupPI
    C:\Users\Mirko\AppData\Local\Temp\DivDDA7.tmp
    C:\Users\Mirko\AppData\Local\Temp\divF230.tmp
    C:\Users\Mirko\AppData\Local\Temp\divF0.tmp
    C:\Users\Mirko\AppData\Local\Temp\e4jACAF.tmp_dir32644
    C:\Users\Mirko\AppData\Local\Temp\E949C5FE-0179-4E4B-99AA-999DD6FC4155
    C:\Users\Mirko\AppData\Local\Temp\EF7333C8-08E8-4ACA-9384-77B2E1B5BFC9
    C:\Users\Mirko\AppData\Local\Temp\IM
    C:\Users\Mirko\AppData\Local\Temp\IMInstaller
    C:\Users\Mirko\AppData\Local\Temp\IM_305F.tmp
    C:\Users\Mirko\AppData\Local\Temp\IM_3A59.tmp
    C:\Users\Mirko\AppData\Local\Temp\IM_B424.tmp
    C:\Users\Mirko\AppData\Local\Temp\IM_B84.tmp
    C:\Users\Mirko\AppData\Local\Temp\IM_BCEF.tmp
    C:\Users\Mirko\AppData\Local\Temp\MessengerCache
    C:\Users\Mirko\AppData\Local\Temp\mProjector3164945512
    C:\Users\Mirko\AppData\Local\Temp\plugtmp-3
    C:\Users\Mirko\AppData\Local\Temp\UpdateWizard_25733
    C:\Users\Mirko\AppData\Local\Temp\Word8.0
    C:\Users\Mirko\AppData\Local\Temp\{126E488B-B3F1-4B79-8EBA-20D20A0C948B}
    C:\Users\Mirko\AppData\Local\Temp\{29A4AB8B-AC05-4FD2-B462-C2381EAF4C29}
    C:\Users\Mirko\AppData\Local\Temp\{2F1C5725-0772-4DD1-A563-F0CE70DC108D}
    C:\Users\Mirko\AppData\Local\Temp\{36153350-0EE2-464F-B49E-5FB0F37FEC75}
    C:\Users\Mirko\AppData\Local\Temp\{430D5975-DFCC-464D-936F-6932A0D28CD4}
    C:\Users\Mirko\AppData\Local\Temp\{529A94C9-359B-43BA-80B8-DA6BF32F42AE}
    C:\Users\Mirko\AppData\Local\Temp\{69A36628-F615-4FAD-BDCF-8E33FB75DCFF}
    C:\Users\Mirko\AppData\Local\Temp\{734468B5-DEF3-4CF7-BA63-606A796033B3}
    C:\Users\Mirko\AppData\Local\Temp\{9BE8398F-37DC-42B7-96C0-915EE19A61B6}
    C:\Users\Mirko\AppData\Local\Temp\{AC13FBC6-1744-4739-AD21-94508105A349}
    C:\Users\Mirko\AppData\Local\Temp\{ADA75DC1-E087-49F0-8EE5-712D2C42F2A2}
    C:\Users\Mirko\AppData\Local\Temp\{B30FEDF3-96C2-4B11-85C2-5FF312C2A0AA}
    C:\Users\Mirko\AppData\Local\Temp\{CE88A9B1-84BF-4524-9D14-D409DC1CFC73}
    C:\Users\Mirko\AppData\Local\Temp\{E7515938-57F6-4222-85E3-CD7C8B15570E}
    C:\Users\Mirko\AppData\Local\Temp\{E8A466D9-AD07-4FC3-96E7-0810768CCED6}
    C:\Users\Mirko\AppData\Local\Temp\Ultra$ISO
    C:\Users\Mirko\AppData\Local\Temp\199017557.od
    C:\Users\Mirko\AppData\Local\Temp\CVRC455.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\197123955.od
    C:\Users\Mirko\AppData\Local\Temp\CVRDF73.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\192621345.od
    C:\Users\Mirko\AppData\Local\Temp\CVR2B21.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\wmplog00.sqm
    C:\Users\Mirko\AppData\Local\Temp\wmsetup.log
    C:\Users\Mirko\AppData\Local\Temp\TFRA659.tmp
    C:\Users\Mirko\AppData\Local\Temp\AE8050.tmp
    C:\Users\Mirko\AppData\Local\Temp\5F74.tmp
    C:\Users\Mirko\AppData\Local\Temp\323A.tmp
    C:\Users\Mirko\AppData\Local\Temp\542B.tmp
    C:\Users\Mirko\AppData\Local\Temp\TFRE7BA.tmp
    C:\Users\Mirko\AppData\Local\Temp\{24B2BB23-2D06-4F8C-AAE2-5A7ECC1BC0EF}
    C:\Users\Mirko\AppData\Local\Temp\{505D5AB9-188F-4FD8-BEA3-7E3DE0D8208A}
    C:\Users\Mirko\AppData\Local\Temp\TFR36D.tmp
    C:\Users\Mirko\AppData\Local\Temp\AEDBBF.tmp
    C:\Users\Mirko\AppData\Local\Temp\150357757.od
    C:\Users\Mirko\AppData\Local\Temp\CVR46ED.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\{ECC3C3B2-8EEC-4EA0-BFD3-CAD143088919}
    C:\Users\Mirko\AppData\Local\Temp\{E61F8927-0591-4520-A66A-258B33954C43}
    C:\Users\Mirko\AppData\Local\Temp\TFR21A9.tmp
    C:\Users\Mirko\AppData\Local\Temp\AEF163.tmp
    C:\Users\Mirko\AppData\Local\Temp\TFR170C.tmp
    C:\Users\Mirko\AppData\Local\Temp\AEF479.tmp
    C:\Users\Mirko\AppData\Local\Temp\IM_5D0B.tmp
    C:\Users\Mirko\AppData\Local\Temp\Low
    C:\Users\Mirko\AppData\Local\Temp\TFR53D3.tmp
    C:\Users\Mirko\AppData\Local\Temp\TFREB0E.tmp
    C:\Users\Mirko\AppData\Local\Temp\92499513.od
    C:\Users\Mirko\AppData\Local\Temp\CVR6E39.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\cookies.sqlite
    C:\Users\Mirko\AppData\Local\Temp\CVR9826.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\91199526.od
    C:\Users\Mirko\AppData\Local\Temp\TFRBCF7.tmp
    C:\Users\Mirko\AppData\Local\Temp\{D83EE475-FC2C-4C74-A476-B0285AF1CDA4}
    C:\Users\Mirko\AppData\Local\Temp\{3B0FD761-D1B1-4897-A09F-DA051AE42B0C}
    C:\Users\Mirko\AppData\Local\Temp\TFR4B49.tmp
    C:\Users\Mirko\AppData\Local\Temp\CVR40EB.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\67715307.od
    C:\Users\Mirko\AppData\Local\Temp\35319593.od
    C:\Users\Mirko\AppData\Local\Temp\CVREF29.tmp
    C:\Users\Mirko\AppData\Local\Temp\34598697.od
    C:\Users\Mirko\AppData\Local\Temp\CVREF29.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\TFR4DA0.tmp
    C:\Users\Mirko\AppData\Local\Temp\SetupAdmin13D0.log
    C:\Users\Mirko\AppData\Local\Temp\TFR6722.tmp
    C:\Users\Mirko\AppData\Local\Temp\TFR8232.tmp
    C:\Users\Mirko\AppData\Local\Temp\TFRD71F.tmp
    C:\Users\Mirko\AppData\Local\Temp\{03AACEBA-1105-4070-BC22-C299ECA7889B}
    C:\Users\Mirko\AppData\Local\Temp\{5FA096D3-4FCA-4E6A-B694-2A64E2746C5E}
    C:\Users\Mirko\AppData\Local\Temp\CVREB38.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\322376.od
    C:\Users\Mirko\AppData\Local\Temp\CVR6872.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\223362.od
    C:\Users\Mirko\AppData\Local\Temp\A21.tmp
    C:\Users\Mirko\AppData\Local\Temp\TFR3ACD.tmp
    C:\Users\Mirko\AppData\Local\Temp\{715D4F7A-D1E6-4AEF-A2CC-FEB30A39F9BA}
    C:\Users\Mirko\AppData\Local\Temp\{F011724B-6294-4C78-BABA-806B9F5A1472}
    C:\Users\Mirko\AppData\Local\Temp\TFRE8C1.tmp
    C:\Users\Mirko\AppData\Local\Temp\AEACE7.tmp
    C:\Users\Mirko\AppData\Local\Temp\6073664.od
    C:\Users\Mirko\AppData\Local\Temp\CVRAD40.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\5914419.od
    C:\Users\Mirko\AppData\Local\Temp\CVR3F33.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\TFR8DF5.tmp
    C:\Users\Mirko\AppData\Local\Temp\TFR5812.tmp
    C:\Users\Mirko\AppData\Local\Temp\219945.od
    C:\Users\Mirko\AppData\Local\Temp\CVR5B29.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\AE8C85.tmp
    C:\Users\Mirko\AppData\Local\Temp\divF21B.tmp
    C:\Users\Mirko\AppData\Local\Temp\TFR3FF8.tmp
    C:\Users\Mirko\AppData\Local\Temp\AE1ECF.tmp
    C:\Users\Mirko\AppData\Local\Temp\7291.tmp
    C:\Users\Mirko\AppData\Local\Temp\{DAD74882-B143-4791-A15A-4023A2F3A958}
    C:\Users\Mirko\AppData\Local\Temp\{B103E458-5300-456B-87FD-089EB548560A}
    C:\Users\Mirko\AppData\Local\Temp\TFR1938.tmp
    C:\Users\Mirko\AppData\Local\Temp\AED12C.tmp
    C:\Users\Mirko\AppData\Local\Temp\227318182.od
    C:\Users\Mirko\AppData\Local\Temp\CVR99A6.tmp.cvr
    C:\Users\Mirko\AppData\Local\Temp\msohtmlclip1
    C:\Users\Mirko\AppData\Local\Temp\History
    C:\Users\Mirko\AppData\Local\Temp\Temporary Internet Files
    C:\Users\Mirko\AppData\Local\Temp\GLFDB8B.tmp.ConduitEngineSetup.exe
    C:\Users\Mirko\AppData\Local\Temp\tbBitt.dll
    C:\Users\Mirko\AppData\Local\Temp\Save for Web
    C:\Users\Mirko\AppData\Local\Temp\toolbar.cfg
    C:\Users\Mirko\AppData\Local\Temp\{0C5B0C9E-92B1-4F12-9388-A2C97EA7D3EC}
    C:\Users\Mirko\AppData\Local\Temp\{DE4BCD70-CFDF-41F8-8C13-6CD0DC747088}
    C:\Users\Mirko\AppData\Local\Temp\FXSAPIDebugLogFile.txt
    C:\Users\Mirko\AppData\Local\Temp\MSG5424.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG4E00.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG5412.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG8253.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG8254.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG8255.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG3B1C.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG4E11.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG3B2D.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG5423.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG4DEF.tmp
    C:\Users\Mirko\AppData\Local\Temp\MSG3B3D.tmp
    ----------------------------------------
    
     
    C:\Program Files
    
    C:\Program Files\Malwarebytes' Anti-Malware 
    C:\Program Files\BlueShot 
    C:\Program Files\123 Free Solitaire 
    C:\Program Files\Common Files 
    C:\Program Files\WinUtilities 
    C:\Program Files\TuneUp Utilities 2011 
    C:\Program Files\TuneUp Utilities 2010 
    C:\Program Files\Safari 
    C:\Program Files\DivX 
    C:\Program Files\TomTom HOME 2 
    C:\Program Files\NCH Software 
    C:\Program Files\Mozilla Firefox 
    C:\Program Files\HiYo 
    C:\Program Files\iTunes 
    C:\Program Files\iPod 
    C:\Program Files\QuickTime 
    C:\Program Files\Apple Software Update 
    C:\Program Files\Bonjour 
    C:\Program Files\Microsoft Silverlight 
    C:\Program Files\Uninstall SmileyCentral.dll 
    C:\Program Files\SmileyCentral_1vEI 
    C:\Program Files\Windows Mail 
    C:\Program Files\Windows Sidebar 
    C:\Program Files\DVD Maker 
    C:\Program Files\Internet Explorer 
    C:\Program Files\Windows Media Player 
    C:\Program Files\Windows Journal 
    C:\Program Files\Windows Photo Viewer 
    C:\Program Files\Windows Defender 
    C:\Program Files\Babylon 
    C:\Program Files\IncrediMail 
    C:\Program Files\Skype 
    C:\Program Files\Verbindungsassistent 
    C:\Program Files\BitTorrent 
    C:\Program Files\Videograbber 2010 
    C:\Program Files\Windows Live 
    C:\Program Files\InstallShield Installation Information 
    C:\Program Files\Yahoo 
    C:\Program Files\hastasoft 
    C:\Program Files\SamSung 
    C:\Program Files\Air France TravelDesk 
    C:\Program Files\EMS 
    C:\Program Files\AskTBar 
    C:\Program Files\Vuze 
    C:\Program Files\Uninstall Ask Toolbar.dll 
    C:\Program Files\Nero 
    C:\Program Files\TomTom DesktopSuite 
    C:\Program Files\Intel 
    C:\Program Files\Java 
    C:\Program Files\Xobni 
    C:\Program Files\CCleaner 
    C:\Program Files\MP3-DJ 
    C:\Program Files\Free PDF to Word Doc Converter 
    C:\Program Files\ABF software 
    C:\Program Files\L0phtCrack 6 
    C:\Program Files\Microsoft.NET 
    C:\Program Files\PamFax 
    C:\Program Files\PDF Creator 
    C:\Program Files\TechSmith 
    C:\Program Files\Aston2 
    C:\Program Files\Google 
    C:\Program Files\Mozilla Thunderbird 
    C:\Program Files\Opera 
    C:\Program Files\Real 
    C:\Program Files\JAM Software 
    C:\Program Files\Lissworx 
    C:\Program Files\Microsoft Visual Studio 9.0 
    C:\Program Files\Microsoft SDKs 
    C:\Program Files\Ulead Systems 
    C:\Program Files\FreeTime 
    C:\Program Files\DebugMode 
    C:\Program Files\Summitsoft 
    C:\Program Files\HomepageFIX 
    C:\Program Files\VirtualDJ 
    C:\Program Files\mcePhone 
    C:\Program Files\Adobe 
    C:\Program Files\AviSynth 2.5 
    C:\Program Files\Raikosoft 
    C:\Program Files\Wondershare 
    C:\Program Files\MAGIX 
    C:\Program Files\DA-Software 
    C:\Program Files\Systerac Tools for Windows 7 
    C:\Program Files\WebSite X5 v8 - Evolution 
    C:\Program Files\The Cleaner 
    C:\Program Files\NeoSmart Technologies 
    C:\Program Files\DATA BECKER 
    C:\Program Files\Winamp 
    C:\Program Files\Windows Virtual PC 
    C:\Program Files\Lexmark Fax Solutions 
    C:\Program Files\Lexmark 1200 Series 
    C:\Program Files\ABBYY FineReader 6.0 Sprint 
    C:\Program Files\Paragon Software 
    C:\Program Files\mresreg 
    C:\Program Files\WoLoSoft 
    C:\Program Files\CPUID 
    C:\Program Files\Adobe Media Player 
    C:\Program Files\Uniblue 
    C:\Program Files\UnHackMe 
    C:\Program Files\SUPERAntiSpyware 
    C:\Program Files\PHP 
    C:\Program Files\phase5 
    C:\Program Files\DBI 
    C:\Program Files\Avanquest update 
    C:\Program Files\Azureus 
    C:\Program Files\Studio V5 
    C:\Program Files\SolidDocuments 
    C:\Program Files\Microsoft SQL Server 
    C:\Program Files\KIM 
    C:\Program Files\ALCATech 
    C:\Program Files\McAfee 
    C:\Program Files\Windows NT 
    C:\Program Files\Gemeinsame Dateien 
    C:\Program Files\Microsoft Games 
    C:\Program Files\Xvid 
    C:\Program Files\WinRAR 
    C:\Program Files\Windows Photo Gallery 
    C:\Program Files\Windows Collaboration 
    C:\Program Files\Windows Calendar 
    C:\Program Files\Vimicro Corporation 
    C:\Program Files\VideoLAN 
    C:\Program Files\UltraISO 
    C:\Program Files\TuneUp Utilities 2009 
    C:\Program Files\Tetris Game Gold 
    C:\Program Files\Telefonica 
    C:\Program Files\ScanSoft 
    C:\Program Files\Realtek 
    C:\Program Files\opencrxSdk-2.4.1 
    C:\Program Files\NeuroPower 
    C:\Program Files\Musicmatch 
    C:\Program Files\MSECache 
    C:\Program Files\MSBuild 
    C:\Program Files\MP3Gain 
    C:\Program Files\MP3 Remix 
    C:\Program Files\Microsoft Works 
    C:\Program Files\Microsoft Visual Studio 8 
    C:\Program Files\Microsoft Visual Studio 
    C:\Program Files\Microsoft Office 
    C:\Program Files\Microsoft Expression 
    C:\Program Files\Ligos 
    C:\Program Files\Langenscheidt T1 6_0 
    C:\Program Files\K-Lite Codec Pack 
    C:\Program Files\homepage MAKER 
    C:\Program Files\eMule 
    C:\Program Files\CyberLink 
    C:\Program Files\BitLocker 
    C:\Program Files\Ax3soft 
    C:\Program Files\AgentWebRanking PRO 
    C:\Program Files\Synaptics 
    C:\Program Files\WinZip 
    C:\Program Files\Uninstall Information 
    C:\Program Files\Windows Portable Devices 
    C:\Program Files\Reference Assemblies 
    C:\Program Files\desktop.ini 
    C:\Program Files\eBay 
    C:\Program Files\MSXML 4.0 
    C:\Program Files\MSSOAP 
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    Mirko    
    Gast.MirkoLaptop    
    Public    
    Administrator    
    Gast    
    All Users    
    Default User    
    Default    
    desktop.ini    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    #       38.25.63.10     x.acme.com              # x client host
    127.0.0.1       localhost
    ::1             localhost
    127.0.0.1				activate.adobe.com
    
    ----------------------------------------
    
    
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            12 K
    System                           4 Services                   0           224 K
    smss.exe                       256 Services                   0           692 K
    csrss.exe                      440 Services                   0         3.444 K
    wininit.exe                    480 Services                   0         3.600 K
    csrss.exe                      488 Console                    1         9.984 K
    services.exe                   528 Services                   0        15.812 K
    winlogon.exe                   564 Console                    1        17.476 K
    lsass.exe                      576 Services                   0        21.492 K
    lsm.exe                        592 Services                   0         2.972 K
    svchost.exe                    720 Services                   0        23.444 K
    svchost.exe                    800 Services                   0        18.712 K
    svchost.exe                    884 Services                   0        31.276 K
    svchost.exe                    928 Services                   0       105.168 K
    svchost.exe                    952 Services                   0        61.728 K
    svchost.exe                   1084 Services                   0        25.200 K
    spoolsv.exe                   1368 Services                   0        52.064 K
    svchost.exe                   1404 Services                   0        19.376 K
    svchost.exe                   1444 Services                   0        35.800 K
    PhotoshopElementsFileAgen     1500 Services                   0           836 K
    httpd.exe                     1556 Services                   0        37.840 K
    svchost.exe                   1616 Services                   0        21.944 K
    mDNSResponder.exe             1636 Services                   0         5.256 K
    svchost.exe                   1680 Services                   0        25.004 K
    FileZilla Server.exe          1716 Services                   0         3.668 K
    lxczcoms.exe                  1776 Services                   0         3.656 K
    EngineServer.exe              1836 Services                   0         2.628 K
    FrameworkService.exe          1868 Services                   0         5.828 K
    VsTskMgr.exe                  2004 Services                   0           632 K
    mfevtps.exe                   2032 Services                   0         7.132 K
    mysqld.exe                     392 Services                   0        18.456 K
    NBService.exe                  448 Services                   0         6.420 K
    naPrdMgr.exe                   444 Services                   0         1.020 K
    NLSSRV32.EXE                   580 Services                   0         1.704 K
    PsiService_2.exe              1048 Services                   0         2.740 K
    RichVideo.exe                 1176 Services                   0         3.320 K
    svchost.exe                   1260 Services                   0        18.296 K
    TUProgSt.exe                  1984 Services                   0        10.856 K
    httpd.exe                     2076 Services                   0        38.332 K
    TuneUpUtilitiesService32.     2084 Services                   0        19.600 K
    VSSVC.exe                     2116 Services                   0         4.644 K
    svchost.exe                   2148 Services                   0         7.728 K
    WLIDSVC.EXE                   2188 Services                   0        11.428 K
    WTGService.exe                2236 Services                   0         3.740 K
    Mcshield.exe                  2256 Services                   0        63.356 K
    WLIDSVCM.EXE                  2324 Services                   0         2.296 K
    mfeann.exe                    2356 Services                   0         5.596 K
    conhost.exe                   2364 Services                   0         2.016 K
    taskeng.exe                   3164 Console                    1         4.072 K
    dwm.exe                       3212 Console                    1        25.692 K
    explorer.exe                  3224 Console                    1       153.844 K
    TuneUpUtilitiesApp32.exe      3296 Console                    1         6.580 K
    MagicDoctorKbdHk.exe          3572 Console                    1           732 K
    dmhkcore.exe                  3600 Console                    1           808 K
    EasyBatteryMgr3.exe           3620 Console                    1           560 K
    HiYo.exe                      3728 Console                    1        28.456 K
    Skype.exe                     3748 Console                    1       132.376 K
    igfxext.exe                   3812 Console                    1         3.868 K
    igfxsrvc.exe                  3284 Console                    1         4.252 K
    skypePM.exe                   4596 Console                    1        24.092 K
    firefox.exe                   5180 Console                    1       118.852 K
    shstat.exe                    5284 Console                    1           816 K
    svchost.exe                   5604 Services                   0         7.196 K
    GoogleCrashHandler.exe        6052 Console                    1           520 K
    OUTLOOK.EXE                   3416 Console                    1       116.496 K
    explorer.exe                  4636 Console                    1        33.204 K
    audiodg.exe                   5852 Services                   0        14.324 K
    cmd.exe                       5256 Console                    1         3.148 K
    conhost.exe                   5560 Console                    1         4.084 K
    tasklist.exe                  5676 Console                    1         4.496 K
    WmiPrvSE.exe                  4500 Services                   0         5.200 K
    
     
    ***** Ende des Scans 18.01.2011 um  9:24:56,24 ***

  6. #6
    Beginner
    Registered since
    17.01.2011
    Posts
    19

    Re: Hijack.log

    Code:
     
    OTL logfile created on: 18.01.2011 09:29:40 - Run 1
    OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\Mirko\Downloads
     Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
    3,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
    Paging file location(s):  [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 79,05 Gb Total Space | 21,35 Gb Free Space | 27,00% Space Free | Partition Type: NTFS
    Drive E: | 23,69 Gb Total Space | 6,06 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
    Drive G: | 21,86 Gb Total Space | 11,05 Gb Free Space | 50,54% Space Free | Partition Type: NTFS
    Drive H: | 15,66 Mb Total Space | 5,91 Mb Free Space | 37,77% Space Free | Partition Type: NTFS
    Drive I: | 10,98 Gb Total Space | 5,36 Gb Free Space | 48,81% Space Free | Partition Type: NTFS
    Drive J: | 1,89 Gb Total Space | 1,83 Gb Free Space | 97,05% Space Free | Partition Type: FAT
     
    Computer Name: MIRKOLAPTOP | User Name: Mirko | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2011.01.18 09:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
    PRC - [2011.01.15 16:50:46 | 000,238,960 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe
    PRC - [2010.12.14 15:34:20 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    PRC - [2010.12.14 15:32:52 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    PRC - [2010.12.11 01:11:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010.12.01 08:31:05 | 000,330,696 | ---- | M] () -- C:\Program Files\Verbindungsassistent\WTGService.exe
    PRC - [2010.10.23 00:45:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Mirko\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010.08.25 19:45:38 | 000,179,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
    PRC - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
    PRC - [2009.12.20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe
    PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
    PRC - [2009.12.16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009.07.14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
    PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009.05.20 07:12:06 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
    PRC - [2008.09.29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2008.09.29 09:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2008.09.29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2008.09.29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2008.09.29 09:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2008.09.29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    PRC - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008.05.22 18:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
    PRC - [2008.04.17 16:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
    PRC - [2008.03.14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2008.03.14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2007.07.05 08:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    PRC - [2007.02.08 23:50:33 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2011.01.18 09:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
    MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009.07.14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] --  -- (BroadCamService)
    SRV - [2010.12.20 01:10:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010.12.14 15:32:52 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010.12.14 15:30:46 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010.12.01 08:31:05 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
    SRV - [2010.11.02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
    SRV - [2009.12.20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
    SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2009.12.16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2009.11.18 14:31:36 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2009.11.14 12:02:33 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009.11.01 08:28:44 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
    SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009.05.20 07:12:06 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
    SRV - [2008.09.29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2008.09.29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2008.09.29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2008.09.29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008.03.14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007.02.08 23:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2010.08.25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2010.08.19 21:08:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2010.06.10 02:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009.11.18 14:09:08 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009.09.23 02:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2009.09.23 02:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2009.09.23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2009.09.23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
    DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009.07.14 00:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
    DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
    DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
    DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009.07.13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009.04.20 16:13:53 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
    DRV - [2009.04.19 13:05:54 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV57.sys -- (SSHDRV57)
    DRV - [2009.01.11 18:18:38 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008.09.29 09:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008.09.29 09:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2008.09.29 09:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2008.09.29 09:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2008.09.29 09:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008.09.29 09:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2008.07.24 10:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008.06.05 17:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
    DRV - [2008.04.18 00:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008.04.04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)
    DRV - [2008.02.15 15:52:02 | 000,018,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\biont_bs.sys -- (BioNT_BS)
    DRV - [2007.11.06 09:58:50 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
    DRV - [2007.11.06 09:58:50 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
    DRV - [2007.11.03 12:21:02 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2007.10.26 22:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006.11.14 10:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849855
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.12 09:04:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.09 16:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.09 16:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.28 20:07:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 16:56:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.28 20:07:33 | 000,000,000 | ---D | M]
     
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions
    [2009.10.15 10:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009.06.17 14:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2010.06.08 05:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.01.19 09:44:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20}
    [2010.05.17 11:59:51 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2011.01.18 00:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions
    [2010.04.29 06:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010.09.10 19:43:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011.01.17 16:43:15 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
    [2011.01.06 16:11:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011.01.06 16:11:27 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
    [2010.02.03 10:51:45 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
    [2011.01.17 16:43:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\engine@conduit.com
    [2010.05.17 11:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\9owkdpe0.default\extensions
    [2010.05.17 11:59:55 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\9owkdpe0.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.05.17 11:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\p71gb2pa.default\extensions
    [2010.05.17 11:59:56 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\p71gb2pa.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.08.23 14:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009.10.31 17:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    [2009.10.31 17:23:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    [2010.05.24 23:16:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.08.23 14:40:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2008.09.29 09:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2008.10.19 10:58:22 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
    [2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2008.09.10 02:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
    [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.09.20 23:04:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.06.01 07:27:52 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2010.09.20 23:04:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.09.20 23:04:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2009.11.01 12:27:13 | 000,002,817 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SiteVacuum.xml
    [2010.09.20 23:04:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.09.20 23:04:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.11.12 09:38:07 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O1 - Hosts: 127.0.0.1				activate.adobe.com
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (T1) - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\Program Files\Langenscheidt T1 6_0\Engine\mte\StdAlone\T1IE.dll (Comprendium Lingua GmbH.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260583483871 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\MIRKO\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{94f74c1c-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c23-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c29-471b-11df-9257-82b645f02e2e}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a4035-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{ea8dd3ca-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{f43b1fd6-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\{f43b1fd8-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk /r \??\L:) -  File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\Paragon Software\Partition Manager 9.0 Professional\bluescrn\bluescrn.exe) - C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\bluescrn.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011.01.17 20:34:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.01.17 20:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
    [2011.01.17 20:34:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.01.17 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.01.17 16:28:14 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2011.01.17 16:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\123 Free Solitaire
    [2011.01.17 16:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\123 Free Solitaire
    [2011.01.17 03:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\TuneUp Utilities 2011
    [2011.01.17 03:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
    [2011.01.12 00:20:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
    [2011.01.12 00:20:15 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2011.01.12 00:20:15 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011.01.12 00:20:15 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2011.01.12 00:20:15 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2011.01.12 00:20:15 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011.01.12 00:20:14 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
    [2011.01.12 00:20:14 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011.01.12 00:20:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2011.01.12 00:20:14 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011.01.12 00:20:14 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2011.01.12 00:20:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2011.01.12 00:20:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2011.01.10 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011.01.09 16:56:54 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\Local
    [2011.01.09 16:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DivX Plus
    [2011.01.09 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2011.01.09 07:04:18 | 000,000,000 | ---D | C] -- C:\Users\Mirko\Desktop\LUSTIG
    [2011.01.08 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\HiYo
    [2011.01.08 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HiYo
    [2011.01.08 13:41:19 | 000,675,840 | ---- | C] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.28 20:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
    [2010.12.28 20:09:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
    [2010.12.28 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010.12.28 20:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010.12.28 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
    [2010.12.28 20:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010.12.28 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010.12.28 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010.12.23 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentral_1vEI
    [2010.12.20 01:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Microsoft Silverlight
    [2010.12.20 01:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010.12.20 01:10:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2010.09.28 00:07:54 | 000,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
    [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009.11.07 10:45:19 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
    [2009.11.07 10:45:18 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
    [2009.11.07 10:45:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
    [2009.11.07 10:45:17 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
    [2009.11.07 10:45:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
    [2009.11.07 10:45:17 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
    [2009.11.07 10:45:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
    [2009.11.07 10:45:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
    [2009.11.07 10:45:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
    [2009.11.07 10:45:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
    [2009.11.07 10:45:13 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
    [2006.11.24 22:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
    [2006.11.24 22:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011.01.18 09:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
    [2011.01.18 09:05:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.01.18 08:50:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000UA.job
    [2011.01.18 01:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000Core.job
    [2011.01.18 01:05:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:31:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011.01.18 00:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.01.18 00:31:28 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011.01.17 20:34:57 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 14:44:19 | 000,000,114 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
    [2011.01.17 10:41:27 | 000,032,767 | ---- | M] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:27:33 | 000,006,087 | ---- | M] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | M] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:11:14 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | M] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.14 18:36:51 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.13 00:50:40 | 000,002,269 | ---- | M] () -- C:\Users\Mirko\Desktop\Google Chrome.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 21:05:58 | 000,842,548 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2011.01.08 21:05:58 | 000,711,012 | ---- | M] () -- C:\Windows\System32\perfh019.dat
    [2011.01.08 21:05:58 | 000,694,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2011.01.08 21:05:58 | 000,649,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.01.08 21:05:58 | 000,189,366 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2011.01.08 21:05:58 | 000,147,498 | ---- | M] () -- C:\Windows\System32\perfc019.dat
    [2011.01.08 21:05:58 | 000,146,666 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2011.01.08 21:05:58 | 000,119,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.01.08 16:29:58 | 000,051,633 | ---- | M] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:15 | 000,024,449 | ---- | M] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | M] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:15 | 000,002,080 | ---- | M] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:42 | 000,115,672 | ---- | M] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:53 | 000,227,769 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | M] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:31 | 000,013,998 | ---- | M] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.23 21:54:20 | 000,675,840 | ---- | M] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.22 15:22:00 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
    [2010.12.21 21:14:50 | 000,455,266 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011.01.17 20:34:57 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 10:41:17 | 000,032,767 | ---- | C] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:24:14 | 000,006,087 | ---- | C] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | C] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:09:17 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | C] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.10 16:14:31 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 16:29:57 | 000,051,633 | ---- | C] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:14 | 000,024,449 | ---- | C] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | C] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:12 | 000,002,080 | ---- | C] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:39 | 000,115,672 | ---- | C] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:49 | 000,227,769 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | C] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:28 | 000,013,998 | ---- | C] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.21 21:14:42 | 000,455,266 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.09.26 19:54:44 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010.06.01 07:27:59 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2010.04.20 13:17:33 | 000,000,111 | ---- | C] () -- C:\Windows\WinPlace.INI
    [2010.02.28 19:16:51 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
    [2010.02.20 14:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010.02.20 14:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010.02.08 19:15:47 | 000,000,041 | ---- | C] () -- C:\ProgramData\trfntw32.cfg
    [2010.01.19 11:33:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010.01.19 10:12:57 | 000,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater6.rbt
    [2010.01.05 08:25:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009.12.21 08:13:38 | 000,009,374 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformulartemp.htm
    [2009.12.21 07:43:16 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
    [2009.12.21 07:41:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.12.15 17:13:41 | 000,004,096 | -H-- | C] () -- C:\Users\Mirko\AppData\Local\keyfile3.drm
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
    [2009.12.02 17:09:54 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2009.12.02 17:09:54 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
    [2009.12.02 17:09:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2009.11.29 11:26:51 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini
    [2009.11.24 20:44:17 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009.11.24 20:44:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\074B8C1AA7.sys
    [2009.11.17 13:25:45 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
    [2009.11.17 13:24:39 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2009.11.17 08:29:55 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
    [2009.11.17 08:29:54 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2009.11.13 13:52:03 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
    [2009.11.13 11:10:43 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009.11.10 14:42:17 | 000,007,680 | ---- | C] () -- C:\Users\Mirko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.11.08 17:40:59 | 000,007,604 | ---- | C] () -- C:\Users\Mirko\AppData\Local\Resmon.ResmonCfg
    [2009.11.07 10:49:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
    [2009.11.07 10:47:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
    [2009.11.07 10:45:19 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
    [2009.11.07 10:25:58 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009.11.07 10:01:04 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2009.10.31 18:18:41 | 000,000,566 | ---- | C] () -- C:\ProgramData\ntuser.pol
    [2009.10.15 01:05:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
    [2009.10.15 01:02:09 | 000,000,309 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
    [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009.07.04 07:29:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.06.17 12:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009.04.19 13:05:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV57.sys
    [2009.04.17 08:01:05 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
    [2009.04.07 15:25:30 | 000,039,950 | ---- | C] () -- C:\Windows\php.ini
    [2009.03.31 19:00:05 | 000,001,125 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009.03.27 05:46:21 | 000,024,085 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\UserTile.png
    [2009.03.26 18:38:47 | 000,000,490 | ---- | C] () -- C:\Windows\my.ini
    [2009.03.24 21:55:08 | 000,000,283 | ---- | C] () -- C:\Windows\netop.ini
    [2009.03.23 14:52:34 | 000,021,248 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
    [2009.03.23 14:52:34 | 000,013,568 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
    [2009.03.20 12:33:47 | 000,024,962 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
    [2009.03.19 19:32:57 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2009.03.19 17:18:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.03.17 17:43:36 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
    [2009.03.10 21:37:34 | 000,038,434 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Access 97-2003.ADR
    [2009.02.16 10:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\Publisher4.INI
    [2009.02.10 16:20:57 | 000,000,581 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\WinHaBuLog.txt
    [2009.02.08 16:26:11 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009.02.08 16:26:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009.02.08 16:26:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009.02.07 20:43:05 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009.01.24 14:25:59 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
    [2009.01.01 13:59:56 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009.01.01 13:59:56 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2008.12.13 13:09:11 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\AA96686141.sys
    [2008.12.13 13:04:53 | 000,003,922 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2008.11.28 18:35:42 | 000,000,000 | ---- | C] () -- C:\Windows\WinPM.INI
    [2008.11.27 13:37:03 | 003,870,720 | ---- | C] () -- C:\Windows\System32\qt-mt323.dll
    [2008.11.12 01:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
    [2008.11.11 17:43:47 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2008.11.11 15:19:45 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
    [2008.11.11 15:07:35 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
    [2008.11.11 15:07:35 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
    [2008.11.11 14:59:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007.04.26 14:16:32 | 000,000,568 | ---- | C] () -- C:\Windows\ses80.ini
    [2007.02.16 00:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
    [2006.11.30 01:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
    [2006.10.09 18:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
    [2006.06.07 19:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
    [2006.03.27 17:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
    [2006.03.07 17:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
    [2002.07.03 14:03:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\WB3.dll
    [1999.12.06 23:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
     
    ========== LOP Check ==========
     
    [2011.01.17 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2009.10.31 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\AceBIT
    [2010.05.03 14:02:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Aston2
    [2010.10.26 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Auftrags-MANAGER
    [2009.11.28 03:35:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Azureus
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BinarySense
    [2011.01.17 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BitTorrent
    [2010.05.20 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BlueShot
    [2009.11.16 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Blumentals
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Bullzip
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CombiFinanz
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CompanionLink
    [2010.06.20 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformular
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DAEMON Tools Pro
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DDWidget
    [2011.01.18 00:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Desktopicon
    [2010.07.23 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\digital publishing
    [2009.12.22 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Downloaded Installations
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DriverCure
    [2010.06.12 09:41:33 | 000,000,000 | -H-D | M] -- C:\Users\Mirko\AppData\Roaming\drivers
    [2010.05.19 08:39:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\FileZilla
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Foxit
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\GST
    [2009.12.12 03:32:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\gtk-2.0
    [2010.04.20 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\hastasoft
    [2011.01.08 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\IBP
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\invendio Client
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Itsth
    [2010.04.09 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JAM Software
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JonDo
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\julitec
    [2011.01.09 16:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Local
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\LogoMaker
    [2010.09.28 00:09:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Magic Collage
    [2009.12.21 07:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAGIX
    [2009.11.11 09:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAP&GUIDE
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MiniDm
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Musicmatch
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MusicNet
    [2010.02.05 10:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Nitro PDF
    [2009.11.15 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Opera
    [2009.10.31 17:55:29 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\PeerNetworking
    [2010.01.08 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Qpur
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\ScanSoft
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Scendix Software
    [2010.01.08 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Setup
    [2009.10.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SmartTools
    [2010.06.14 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Softland
    [2009.10.31 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SolidDocuments
    [2009.11.02 16:16:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\thecleaner
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Thunderbird
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TomTom
    [2011.01.17 03:09:07 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TuneUp Software
    [2009.12.26 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Typing Assistant (German) 5.1
    [2009.11.08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uniblue
    [2010.01.08 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uninstal
    [2010.12.02 06:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Verbindungsassistent
    [2010.04.13 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Vodafone
    [2009.10.31 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Zeon
    [2011.01.10 15:11:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
    [2011.01.18 09:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E0258CAE
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0DB6FB53
    
    < End of report >
    O13 - gopher Prefix: missing
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260583483871 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\MIRKO\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{94f74c1c-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c23-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c29-471b-11df-9257-82b645f02e2e}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a4035-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{ea8dd3ca-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{f43b1fd6-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\{f43b1fd8-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk /r \??\L:) -  File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\Paragon Software\Partition Manager 9.0 Professional\bluescrn\bluescrn.exe) - C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\bluescrn.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011.01.17 20:34:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.01.17 20:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
    [2011.01.17 20:34:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.01.17 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.01.17 16:28:14 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2011.01.17 16:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\123 Free Solitaire
    [2011.01.17 16:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\123 Free Solitaire
    [2011.01.17 03:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\TuneUp Utilities 2011
    [2011.01.17 03:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
    [2011.01.12 00:20:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
    [2011.01.12 00:20:15 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2011.01.12 00:20:15 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011.01.12 00:20:15 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2011.01.12 00:20:15 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2011.01.12 00:20:15 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011.01.12 00:20:14 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
    [2011.01.12 00:20:14 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011.01.12 00:20:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2011.01.12 00:20:14 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011.01.12 00:20:14 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2011.01.12 00:20:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2011.01.12 00:20:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2011.01.10 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011.01.09 16:56:54 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\Local
    [2011.01.09 16:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DivX Plus
    [2011.01.09 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2011.01.09 07:04:18 | 000,000,000 | ---D | C] -- C:\Users\Mirko\Desktop\LUSTIG
    [2011.01.08 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\HiYo
    [2011.01.08 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HiYo
    [2011.01.08 13:41:19 | 000,675,840 | ---- | C] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.28 20:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
    [2010.12.28 20:09:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
    [2010.12.28 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010.12.28 20:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010.12.28 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
    [2010.12.28 20:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010.12.28 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010.12.28 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010.12.23 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentral_1vEI
    [2010.12.20 01:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Microsoft Silverlight
    [2010.12.20 01:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010.12.20 01:10:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2010.09.28 00:07:54 | 000,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
    [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009.11.07 10:45:19 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
    [2009.11.07 10:45:18 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
    [2009.11.07 10:45:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
    [2009.11.07 10:45:17 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
    [2009.11.07 10:45:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
    [2009.11.07 10:45:17 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
    [2009.11.07 10:45:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
    [2009.11.07 10:45:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
    [2009.11.07 10:45:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
    [2009.11.07 10:45:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
    [2009.11.07 10:45:13 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
    [2006.11.24 22:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
    [2006.11.24 22:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011.01.18 09:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
    [2011.01.18 09:05:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.01.18 08:50:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000UA.job
    [2011.01.18 01:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000Core.job
    [2011.01.18 01:05:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:31:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011.01.18 00:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.01.18 00:31:28 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011.01.17 20:34:57 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 14:44:19 | 000,000,114 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
    [2011.01.17 10:41:27 | 000,032,767 | ---- | M] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:27:33 | 000,006,087 | ---- | M] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | M] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:11:14 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | M] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.14 18:36:51 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.13 00:50:40 | 000,002,269 | ---- | M] () -- C:\Users\Mirko\Desktop\Google Chrome.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 21:05:58 | 000,842,548 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2011.01.08 21:05:58 | 000,711,012 | ---- | M] () -- C:\Windows\System32\perfh019.dat
    [2011.01.08 21:05:58 | 000,694,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2011.01.08 21:05:58 | 000,649,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.01.08 21:05:58 | 000,189,366 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2011.01.08 21:05:58 | 000,147,498 | ---- | M] () -- C:\Windows\System32\perfc019.dat
    [2011.01.08 21:05:58 | 000,146,666 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2011.01.08 21:05:58 | 000,119,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.01.08 16:29:58 | 000,051,633 | ---- | M] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:15 | 000,024,449 | ---- | M] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | M] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:15 | 000,002,080 | ---- | M] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:42 | 000,115,672 | ---- | M] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:53 | 000,227,769 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | M] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:31 | 000,013,998 | ---- | M] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.23 21:54:20 | 000,675,840 | ---- | M] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.22 15:22:00 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
    [2010.12.21 21:14:50 | 000,455,266 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011.01.17 20:34:57 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 10:41:17 | 000,032,767 | ---- | C] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:24:14 | 000,006,087 | ---- | C] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | C] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:09:17 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | C] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.10 16:14:31 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 16:29:57 | 000,051,633 | ---- | C] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:14 | 000,024,449 | ---- | C] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | C] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:12 | 000,002,080 | ---- | C] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:39 | 000,115,672 | ---- | C] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:49 | 000,227,769 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | C] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:28 | 000,013,998 | ---- | C] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.21 21:14:42 | 000,455,266 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.09.26 19:54:44 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010.06.01 07:27:59 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2010.04.20 13:17:33 | 000,000,111 | ---- | C] () -- C:\Windows\WinPlace.INI
    [2010.02.28 19:16:51 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
    [2010.02.20 14:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010.02.20 14:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010.02.08 19:15:47 | 000,000,041 | ---- | C] () -- C:\ProgramData\trfntw32.cfg
    [2010.01.19 11:33:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010.01.19 10:12:57 | 000,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater6.rbt
    [2010.01.05 08:25:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009.12.21 08:13:38 | 000,009,374 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformulartemp.htm
    [2009.12.21 07:43:16 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
    [2009.12.21 07:41:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.12.15 17:13:41 | 000,004,096 | -H-- | C] () -- C:\Users\Mirko\AppData\Local\keyfile3.drm
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
    [2009.12.02 17:09:54 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2009.12.02 17:09:54 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
    [2009.12.02 17:09:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2009.11.29 11:26:51 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini
    [2009.11.24 20:44:17 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009.11.24 20:44:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\074B8C1AA7.sys
    [2009.11.17 13:25:45 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
    [2009.11.17 13:24:39 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2009.11.17 08:29:55 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
    [2009.11.17 08:29:54 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2009.11.13 13:52:03 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
    [2009.11.13 11:10:43 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009.11.10 14:42:17 | 000,007,680 | ---- | C] () -- C:\Users\Mirko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.11.08 17:40:59 | 000,007,604 | ---- | C] () -- C:\Users\Mirko\AppData\Local\Resmon.ResmonCfg
    [2009.11.07 10:49:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
    [2009.11.07 10:47:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
    [2009.11.07 10:45:19 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
    [2009.11.07 10:25:58 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009.11.07 10:01:04 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2009.10.31 18:18:41 | 000,000,566 | ---- | C] () -- C:\ProgramData\ntuser.pol
    [2009.10.15 01:05:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
    [2009.10.15 01:02:09 | 000,000,309 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
    [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009.07.04 07:29:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.06.17 12:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009.04.19 13:05:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV57.sys
    [2009.04.17 08:01:05 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
    [2009.04.07 15:25:30 | 000,039,950 | ---- | C] () -- C:\Windows\php.ini
    [2009.03.31 19:00:05 | 000,001,125 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009.03.27 05:46:21 | 000,024,085 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\UserTile.png
    [2009.03.26 18:38:47 | 000,000,490 | ---- | C] () -- C:\Windows\my.ini
    [2009.03.24 21:55:08 | 000,000,283 | ---- | C] () -- C:\Windows\netop.ini
    [2009.03.23 14:52:34 | 000,021,248 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
    [2009.03.23 14:52:34 | 000,013,568 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
    [2009.03.20 12:33:47 | 000,024,962 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
    [2009.03.19 19:32:57 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2009.03.19 17:18:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.03.17 17:43:36 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
    [2009.03.10 21:37:34 | 000,038,434 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Access 97-2003.ADR
    [2009.02.16 10:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\Publisher4.INI
    [2009.02.10 16:20:57 | 000,000,581 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\WinHaBuLog.txt
    [2009.02.08 16:26:11 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009.02.08 16:26:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009.02.08 16:26:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009.02.07 20:43:05 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009.01.24 14:25:59 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
    [2009.01.01 13:59:56 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009.01.01 13:59:56 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2008.12.13 13:09:11 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\AA96686141.sys
    [2008.12.13 13:04:53 | 000,003,922 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2008.11.28 18:35:42 | 000,000,000 | ---- | C] () -- C:\Windows\WinPM.INI
    [2008.11.27 13:37:03 | 003,870,720 | ---- | C] () -- C:\Windows\System32\qt-mt323.dll
    [2008.11.12 01:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
    [2008.11.11 17:43:47 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2008.11.11 15:19:45 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
    [2008.11.11 15:07:35 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
    [2008.11.11 15:07:35 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
    [2008.11.11 14:59:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007.04.26 14:16:32 | 000,000,568 | ---- | C] () -- C:\Windows\ses80.ini
    [2007.02.16 00:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
    [2006.11.30 01:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
    [2006.10.09 18:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
    [2006.06.07 19:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
    [2006.03.27 17:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
    [2006.03.07 17:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
    [2002.07.03 14:03:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\WB3.dll
    [1999.12.06 23:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
     
    ========== LOP Check ==========
     
    [2011.01.17 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2009.10.31 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\AceBIT
    [2010.05.03 14:02:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Aston2
    [2010.10.26 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Auftrags-MANAGER
    [2009.11.28 03:35:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Azureus
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BinarySense
    [2011.01.17 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BitTorrent
    [2010.05.20 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BlueShot
    [2009.11.16 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Blumentals
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Bullzip
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CombiFinanz
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CompanionLink
    [2010.06.20 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformular
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DAEMON Tools Pro
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DDWidget
    [2011.01.18 00:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Desktopicon
    [2010.07.23 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\digital publishing
    [2009.12.22 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Downloaded Installations
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DriverCure
    [2010.06.12 09:41:33 | 000,000,000 | -H-D | M] -- C:\Users\Mirko\AppData\Roaming\drivers
    [2010.05.19 08:39:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\FileZilla
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Foxit
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\GST
    [2009.12.12 03:32:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\gtk-2.0
    [2010.04.20 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\hastasoft
    [2011.01.08 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\IBP
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\invendio Client
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Itsth
    [2010.04.09 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JAM Software
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JonDo
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\julitec
    [2011.01.09 16:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Local
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\LogoMaker
    [2010.09.28 00:09:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Magic Collage
    [2009.12.21 07:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAGIX
    [2009.11.11 09:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAP&GUIDE
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MiniDm
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Musicmatch
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MusicNet
    [2010.02.05 10:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Nitro PDF
    [2009.11.15 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Opera
    [2009.10.31 17:55:29 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\PeerNetworking
    [2010.01.08 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Qpur
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\ScanSoft
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Scendix Software
    [2010.01.08 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Setup
    [2009.10.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SmartTools
    [2010.06.14 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Softland
    [2009.10.31 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SolidDocuments
    [2009.11.02 16:16:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\thecleaner
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Thunderbird
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TomTom
    [2011.01.17 03:09:07 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TuneUp Software
    [2009.12.26 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Typing Assistant (German) 5.1
    [2009.11.08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uniblue
    [2010.01.08 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uninstal
    [2010.12.02 06:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Verbindungsassistent
    [2010.04.13 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Vodafone
    [2009.10.31 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Zeon
    [2011.01.10 15:11:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
    [2011.01.18 09:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E0258CAE
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0DB6FB53
    
    < End of report >

  7. #7
    Beginner
    Registered since
    17.01.2011
    Posts
    19

    Re: Hijack.log

    Code:
     
    OTL logfile created on: 18.01.2011 09:29:40 - Run 1
    OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\Mirko\Downloads
     Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
    3,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
    Paging file location(s):  [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 79,05 Gb Total Space | 21,35 Gb Free Space | 27,00% Space Free | Partition Type: NTFS
    Drive E: | 23,69 Gb Total Space | 6,06 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
    Drive G: | 21,86 Gb Total Space | 11,05 Gb Free Space | 50,54% Space Free | Partition Type: NTFS
    Drive H: | 15,66 Mb Total Space | 5,91 Mb Free Space | 37,77% Space Free | Partition Type: NTFS
    Drive I: | 10,98 Gb Total Space | 5,36 Gb Free Space | 48,81% Space Free | Partition Type: NTFS
    Drive J: | 1,89 Gb Total Space | 1,83 Gb Free Space | 97,05% Space Free | Partition Type: FAT
     
    Computer Name: MIRKOLAPTOP | User Name: Mirko | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2011.01.18 09:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
    PRC - [2011.01.15 16:50:46 | 000,238,960 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe
    PRC - [2010.12.14 15:34:20 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    PRC - [2010.12.14 15:32:52 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    PRC - [2010.12.11 01:11:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010.12.01 08:31:05 | 000,330,696 | ---- | M] () -- C:\Program Files\Verbindungsassistent\WTGService.exe
    PRC - [2010.10.23 00:45:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Mirko\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010.08.25 19:45:38 | 000,179,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
    PRC - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
    PRC - [2009.12.20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe
    PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
    PRC - [2009.12.16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009.07.14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
    PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009.05.20 07:12:06 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
    PRC - [2008.09.29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2008.09.29 09:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2008.09.29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2008.09.29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2008.09.29 09:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2008.09.29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    PRC - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008.05.22 18:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
    PRC - [2008.04.17 16:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
    PRC - [2008.03.14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2008.03.14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2007.07.05 08:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    PRC - [2007.02.08 23:50:33 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2011.01.18 09:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
    MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009.07.14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] --  -- (BroadCamService)
    SRV - [2010.12.20 01:10:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010.12.14 15:32:52 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010.12.14 15:30:46 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010.12.01 08:31:05 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
    SRV - [2010.11.02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
    SRV - [2009.12.20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
    SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2009.12.16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2009.11.18 14:31:36 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2009.11.14 12:02:33 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009.11.01 08:28:44 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
    SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009.05.20 07:12:06 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
    SRV - [2008.09.29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2008.09.29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2008.09.29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2008.09.29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008.03.14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007.02.08 23:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2010.08.25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2010.08.19 21:08:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2010.06.10 02:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009.11.18 14:09:08 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009.09.23 02:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2009.09.23 02:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2009.09.23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2009.09.23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
    DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009.07.14 00:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
    DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
    DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
    DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009.07.13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009.04.20 16:13:53 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
    DRV - [2009.04.19 13:05:54 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV57.sys -- (SSHDRV57)
    DRV - [2009.01.11 18:18:38 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008.09.29 09:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008.09.29 09:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2008.09.29 09:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2008.09.29 09:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2008.09.29 09:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008.09.29 09:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2008.07.24 10:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008.06.05 17:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
    DRV - [2008.04.18 00:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008.04.04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)
    DRV - [2008.02.15 15:52:02 | 000,018,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\biont_bs.sys -- (BioNT_BS)
    DRV - [2007.11.06 09:58:50 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
    DRV - [2007.11.06 09:58:50 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
    DRV - [2007.11.03 12:21:02 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2007.10.26 22:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006.11.14 10:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849855
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.12 09:04:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.09 16:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.09 16:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.28 20:07:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 16:56:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.28 20:07:33 | 000,000,000 | ---D | M]
     
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions
    [2009.10.15 10:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009.06.17 14:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2010.06.08 05:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.01.19 09:44:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20}
    [2010.05.17 11:59:51 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2011.01.18 00:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions
    [2010.04.29 06:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010.09.10 19:43:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011.01.17 16:43:15 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
    [2011.01.06 16:11:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011.01.06 16:11:27 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
    [2010.02.03 10:51:45 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
    [2011.01.17 16:43:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\engine@conduit.com
    [2010.05.17 11:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\9owkdpe0.default\extensions
    [2010.05.17 11:59:55 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\9owkdpe0.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.05.17 11:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\p71gb2pa.default\extensions
    [2010.05.17 11:59:56 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\p71gb2pa.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.08.23 14:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009.10.31 17:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    [2009.10.31 17:23:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    [2010.05.24 23:16:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.08.23 14:40:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2008.09.29 09:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2008.10.19 10:58:22 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
    [2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2008.09.10 02:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
    [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.09.20 23:04:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.06.01 07:27:52 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2010.09.20 23:04:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.09.20 23:04:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2009.11.01 12:27:13 | 000,002,817 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SiteVacuum.xml
    [2010.09.20 23:04:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.09.20 23:04:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.11.12 09:38:07 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O1 - Hosts: 127.0.0.1				activate.adobe.com
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (T1) - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\Program Files\Langenscheidt T1 6_0\Engine\mte\StdAlone\T1IE.dll (Comprendium Lingua GmbH.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260583483871 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\MIRKO\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{94f74c1c-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c23-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c29-471b-11df-9257-82b645f02e2e}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a4035-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{ea8dd3ca-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{f43b1fd6-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\{f43b1fd8-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk /r \??\L:) -  File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\Paragon Software\Partition Manager 9.0 Professional\bluescrn\bluescrn.exe) - C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\bluescrn.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011.01.17 20:34:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.01.17 20:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
    [2011.01.17 20:34:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.01.17 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.01.17 16:28:14 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2011.01.17 16:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\123 Free Solitaire
    [2011.01.17 16:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\123 Free Solitaire
    [2011.01.17 03:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\TuneUp Utilities 2011
    [2011.01.17 03:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
    [2011.01.12 00:20:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
    [2011.01.12 00:20:15 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2011.01.12 00:20:15 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011.01.12 00:20:15 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2011.01.12 00:20:15 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2011.01.12 00:20:15 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011.01.12 00:20:14 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
    [2011.01.12 00:20:14 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011.01.12 00:20:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2011.01.12 00:20:14 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011.01.12 00:20:14 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2011.01.12 00:20:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2011.01.12 00:20:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2011.01.10 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011.01.09 16:56:54 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\Local
    [2011.01.09 16:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DivX Plus
    [2011.01.09 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2011.01.09 07:04:18 | 000,000,000 | ---D | C] -- C:\Users\Mirko\Desktop\LUSTIG
    [2011.01.08 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\HiYo
    [2011.01.08 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HiYo
    [2011.01.08 13:41:19 | 000,675,840 | ---- | C] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.28 20:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
    [2010.12.28 20:09:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
    [2010.12.28 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010.12.28 20:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010.12.28 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
    [2010.12.28 20:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010.12.28 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010.12.28 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010.12.23 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentral_1vEI
    [2010.12.20 01:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Microsoft Silverlight
    [2010.12.20 01:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010.12.20 01:10:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2010.09.28 00:07:54 | 000,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
    [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009.11.07 10:45:19 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
    [2009.11.07 10:45:18 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
    [2009.11.07 10:45:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
    [2009.11.07 10:45:17 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
    [2009.11.07 10:45:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
    [2009.11.07 10:45:17 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
    [2009.11.07 10:45:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
    [2009.11.07 10:45:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
    [2009.11.07 10:45:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
    [2009.11.07 10:45:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
    [2009.11.07 10:45:13 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
    [2006.11.24 22:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
    [2006.11.24 22:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011.01.18 09:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
    [2011.01.18 09:05:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.01.18 08:50:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000UA.job
    [2011.01.18 01:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000Core.job
    [2011.01.18 01:05:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:31:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011.01.18 00:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.01.18 00:31:28 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011.01.17 20:34:57 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 14:44:19 | 000,000,114 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
    [2011.01.17 10:41:27 | 000,032,767 | ---- | M] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:27:33 | 000,006,087 | ---- | M] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | M] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:11:14 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | M] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.14 18:36:51 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.13 00:50:40 | 000,002,269 | ---- | M] () -- C:\Users\Mirko\Desktop\Google Chrome.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 21:05:58 | 000,842,548 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2011.01.08 21:05:58 | 000,711,012 | ---- | M] () -- C:\Windows\System32\perfh019.dat
    [2011.01.08 21:05:58 | 000,694,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2011.01.08 21:05:58 | 000,649,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.01.08 21:05:58 | 000,189,366 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2011.01.08 21:05:58 | 000,147,498 | ---- | M] () -- C:\Windows\System32\perfc019.dat
    [2011.01.08 21:05:58 | 000,146,666 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2011.01.08 21:05:58 | 000,119,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.01.08 16:29:58 | 000,051,633 | ---- | M] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:15 | 000,024,449 | ---- | M] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | M] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:15 | 000,002,080 | ---- | M] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:42 | 000,115,672 | ---- | M] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:53 | 000,227,769 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | M] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:31 | 000,013,998 | ---- | M] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.23 21:54:20 | 000,675,840 | ---- | M] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.22 15:22:00 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
    [2010.12.21 21:14:50 | 000,455,266 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011.01.17 20:34:57 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 10:41:17 | 000,032,767 | ---- | C] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:24:14 | 000,006,087 | ---- | C] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | C] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:09:17 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | C] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.10 16:14:31 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 16:29:57 | 000,051,633 | ---- | C] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:14 | 000,024,449 | ---- | C] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | C] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:12 | 000,002,080 | ---- | C] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:39 | 000,115,672 | ---- | C] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:49 | 000,227,769 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | C] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:28 | 000,013,998 | ---- | C] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.21 21:14:42 | 000,455,266 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.09.26 19:54:44 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010.06.01 07:27:59 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2010.04.20 13:17:33 | 000,000,111 | ---- | C] () -- C:\Windows\WinPlace.INI
    [2010.02.28 19:16:51 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
    [2010.02.20 14:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010.02.20 14:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010.02.08 19:15:47 | 000,000,041 | ---- | C] () -- C:\ProgramData\trfntw32.cfg
    [2010.01.19 11:33:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010.01.19 10:12:57 | 000,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater6.rbt
    [2010.01.05 08:25:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009.12.21 08:13:38 | 000,009,374 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformulartemp.htm
    [2009.12.21 07:43:16 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
    [2009.12.21 07:41:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.12.15 17:13:41 | 000,004,096 | -H-- | C] () -- C:\Users\Mirko\AppData\Local\keyfile3.drm
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
    [2009.12.02 17:09:54 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2009.12.02 17:09:54 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
    [2009.12.02 17:09:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2009.11.29 11:26:51 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini
    [2009.11.24 20:44:17 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009.11.24 20:44:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\074B8C1AA7.sys
    [2009.11.17 13:25:45 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
    [2009.11.17 13:24:39 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2009.11.17 08:29:55 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
    [2009.11.17 08:29:54 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2009.11.13 13:52:03 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
    [2009.11.13 11:10:43 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009.11.10 14:42:17 | 000,007,680 | ---- | C] () -- C:\Users\Mirko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.11.08 17:40:59 | 000,007,604 | ---- | C] () -- C:\Users\Mirko\AppData\Local\Resmon.ResmonCfg
    [2009.11.07 10:49:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
    [2009.11.07 10:47:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
    [2009.11.07 10:45:19 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
    [2009.11.07 10:25:58 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009.11.07 10:01:04 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2009.10.31 18:18:41 | 000,000,566 | ---- | C] () -- C:\ProgramData\ntuser.pol
    [2009.10.15 01:05:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
    [2009.10.15 01:02:09 | 000,000,309 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
    [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009.07.04 07:29:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.06.17 12:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009.04.19 13:05:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV57.sys
    [2009.04.17 08:01:05 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
    [2009.04.07 15:25:30 | 000,039,950 | ---- | C] () -- C:\Windows\php.ini
    [2009.03.31 19:00:05 | 000,001,125 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009.03.27 05:46:21 | 000,024,085 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\UserTile.png
    [2009.03.26 18:38:47 | 000,000,490 | ---- | C] () -- C:\Windows\my.ini
    [2009.03.24 21:55:08 | 000,000,283 | ---- | C] () -- C:\Windows\netop.ini
    [2009.03.23 14:52:34 | 000,021,248 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
    [2009.03.23 14:52:34 | 000,013,568 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
    [2009.03.20 12:33:47 | 000,024,962 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
    [2009.03.19 19:32:57 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2009.03.19 17:18:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.03.17 17:43:36 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
    [2009.03.10 21:37:34 | 000,038,434 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Access 97-2003.ADR
    [2009.02.16 10:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\Publisher4.INI
    [2009.02.10 16:20:57 | 000,000,581 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\WinHaBuLog.txt
    [2009.02.08 16:26:11 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009.02.08 16:26:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009.02.08 16:26:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009.02.07 20:43:05 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009.01.24 14:25:59 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
    [2009.01.01 13:59:56 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009.01.01 13:59:56 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2008.12.13 13:09:11 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\AA96686141.sys
    [2008.12.13 13:04:53 | 000,003,922 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2008.11.28 18:35:42 | 000,000,000 | ---- | C] () -- C:\Windows\WinPM.INI
    [2008.11.27 13:37:03 | 003,870,720 | ---- | C] () -- C:\Windows\System32\qt-mt323.dll
    [2008.11.12 01:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
    [2008.11.11 17:43:47 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2008.11.11 15:19:45 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
    [2008.11.11 15:07:35 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
    [2008.11.11 15:07:35 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
    [2008.11.11 14:59:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007.04.26 14:16:32 | 000,000,568 | ---- | C] () -- C:\Windows\ses80.ini
    [2007.02.16 00:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
    [2006.11.30 01:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
    [2006.10.09 18:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
    [2006.06.07 19:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
    [2006.03.27 17:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
    [2006.03.07 17:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
    [2002.07.03 14:03:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\WB3.dll
    [1999.12.06 23:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
     
    ========== LOP Check ==========
     
    [2011.01.17 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2009.10.31 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\AceBIT
    [2010.05.03 14:02:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Aston2
    [2010.10.26 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Auftrags-MANAGER
    [2009.11.28 03:35:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Azureus
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BinarySense
    [2011.01.17 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BitTorrent
    [2010.05.20 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BlueShot
    [2009.11.16 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Blumentals
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Bullzip
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CombiFinanz
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CompanionLink
    [2010.06.20 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformular
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DAEMON Tools Pro
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DDWidget
    [2011.01.18 00:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Desktopicon
    [2010.07.23 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\digital publishing
    [2009.12.22 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Downloaded Installations
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DriverCure
    [2010.06.12 09:41:33 | 000,000,000 | -H-D | M] -- C:\Users\Mirko\AppData\Roaming\drivers
    [2010.05.19 08:39:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\FileZilla
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Foxit
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\GST
    [2009.12.12 03:32:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\gtk-2.0
    [2010.04.20 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\hastasoft
    [2011.01.08 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\IBP
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\invendio Client
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Itsth
    [2010.04.09 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JAM Software
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JonDo
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\julitec
    [2011.01.09 16:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Local
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\LogoMaker
    [2010.09.28 00:09:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Magic Collage
    [2009.12.21 07:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAGIX
    [2009.11.11 09:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAP&GUIDE
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MiniDm
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Musicmatch
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MusicNet
    [2010.02.05 10:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Nitro PDF
    [2009.11.15 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Opera
    [2009.10.31 17:55:29 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\PeerNetworking
    [2010.01.08 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Qpur
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\ScanSoft
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Scendix Software
    [2010.01.08 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Setup
    [2009.10.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SmartTools
    [2010.06.14 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Softland
    [2009.10.31 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SolidDocuments
    [2009.11.02 16:16:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\thecleaner
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Thunderbird
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TomTom
    [2011.01.17 03:09:07 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TuneUp Software
    [2009.12.26 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Typing Assistant (German) 5.1
    [2009.11.08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uniblue
    [2010.01.08 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uninstal
    [2010.12.02 06:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Verbindungsassistent
    [2010.04.13 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Vodafone
    [2009.10.31 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Zeon
    [2011.01.10 15:11:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
    [2011.01.18 09:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E0258CAE
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0DB6FB53
    
    < End of report >
    [2010.12.20 01:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010.12.20 01:10:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2010.09.28 00:07:54 | 000,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
    [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009.11.07 10:45:19 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
    [2009.11.07 10:45:18 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
    [2009.11.07 10:45:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
    [2009.11.07 10:45:17 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
    [2009.11.07 10:45:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
    [2009.11.07 10:45:17 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
    [2009.11.07 10:45:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
    [2009.11.07 10:45:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
    [2009.11.07 10:45:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
    [2009.11.07 10:45:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
    [2009.11.07 10:45:13 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
    [2006.11.24 22:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
    [2006.11.24 22:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011.01.18 09:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
    [2011.01.18 09:05:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.01.18 08:50:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000UA.job
    [2011.01.18 01:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000Core.job
    [2011.01.18 01:05:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:31:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011.01.18 00:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.01.18 00:31:28 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011.01.17 20:34:57 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 14:44:19 | 000,000,114 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
    [2011.01.17 10:41:27 | 000,032,767 | ---- | M] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:27:33 | 000,006,087 | ---- | M] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | M] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:11:14 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | M] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.14 18:36:51 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.13 00:50:40 | 000,002,269 | ---- | M] () -- C:\Users\Mirko\Desktop\Google Chrome.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 21:05:58 | 000,842,548 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2011.01.08 21:05:58 | 000,711,012 | ---- | M] () -- C:\Windows\System32\perfh019.dat
    [2011.01.08 21:05:58 | 000,694,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2011.01.08 21:05:58 | 000,649,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.01.08 21:05:58 | 000,189,366 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2011.01.08 21:05:58 | 000,147,498 | ---- | M] () -- C:\Windows\System32\perfc019.dat
    [2011.01.08 21:05:58 | 000,146,666 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2011.01.08 21:05:58 | 000,119,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.01.08 16:29:58 | 000,051,633 | ---- | M] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:15 | 000,024,449 | ---- | M] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | M] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:15 | 000,002,080 | ---- | M] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:42 | 000,115,672 | ---- | M] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:53 | 000,227,769 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | M] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:31 | 000,013,998 | ---- | M] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.23 21:54:20 | 000,675,840 | ---- | M] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.22 15:22:00 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
    [2010.12.21 21:14:50 | 000,455,266 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011.01.17 20:34:57 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 10:41:17 | 000,032,767 | ---- | C] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:24:14 | 000,006,087 | ---- | C] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | C] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:09:17 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | C] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.10 16:14:31 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 16:29:57 | 000,051,633 | ---- | C] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:14 | 000,024,449 | ---- | C] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | C] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:12 | 000,002,080 | ---- | C] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:39 | 000,115,672 | ---- | C] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:49 | 000,227,769 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | C] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:28 | 000,013,998 | ---- | C] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.21 21:14:42 | 000,455,266 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.09.26 19:54:44 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010.06.01 07:27:59 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2010.04.20 13:17:33 | 000,000,111 | ---- | C] () -- C:\Windows\WinPlace.INI
    [2010.02.28 19:16:51 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
    [2010.02.20 14:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010.02.20 14:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010.02.08 19:15:47 | 000,000,041 | ---- | C] () -- C:\ProgramData\trfntw32.cfg
    [2010.01.19 11:33:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010.01.19 10:12:57 | 000,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater6.rbt
    [2010.01.05 08:25:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009.12.21 08:13:38 | 000,009,374 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformulartemp.htm
    [2009.12.21 07:43:16 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
    [2009.12.21 07:41:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.12.15 17:13:41 | 000,004,096 | -H-- | C] () -- C:\Users\Mirko\AppData\Local\keyfile3.drm
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
    [2009.12.02 17:09:54 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2009.12.02 17:09:54 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
    [2009.12.02 17:09:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2009.11.29 11:26:51 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini
    [2009.11.24 20:44:17 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009.11.24 20:44:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\074B8C1AA7.sys
    [2009.11.17 13:25:45 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
    [2009.11.17 13:24:39 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2009.11.17 08:29:55 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
    [2009.11.17 08:29:54 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2009.11.13 13:52:03 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
    [2009.11.13 11:10:43 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009.11.10 14:42:17 | 000,007,680 | ---- | C] () -- C:\Users\Mirko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.11.08 17:40:59 | 000,007,604 | ---- | C] () -- C:\Users\Mirko\AppData\Local\Resmon.ResmonCfg
    [2009.11.07 10:49:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
    [2009.11.07 10:47:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
    [2009.11.07 10:45:19 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
    [2009.11.07 10:25:58 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009.11.07 10:01:04 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2009.10.31 18:18:41 | 000,000,566 | ---- | C] () -- C:\ProgramData\ntuser.pol
    [2009.10.15 01:05:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
    [2009.10.15 01:02:09 | 000,000,309 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
    [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009.07.04 07:29:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.06.17 12:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009.04.19 13:05:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV57.sys
    [2009.04.17 08:01:05 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
    [2009.04.07 15:25:30 | 000,039,950 | ---- | C] () -- C:\Windows\php.ini
    [2009.03.31 19:00:05 | 000,001,125 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009.03.27 05:46:21 | 000,024,085 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\UserTile.png
    [2009.03.26 18:38:47 | 000,000,490 | ---- | C] () -- C:\Windows\my.ini
    [2009.03.24 21:55:08 | 000,000,283 | ---- | C] () -- C:\Windows\netop.ini
    [2009.03.23 14:52:34 | 000,021,248 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
    [2009.03.23 14:52:34 | 000,013,568 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
    [2009.03.20 12:33:47 | 000,024,962 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
    [2009.03.19 19:32:57 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2009.03.19 17:18:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.03.17 17:43:36 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
    [2009.03.10 21:37:34 | 000,038,434 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Access 97-2003.ADR
    [2009.02.16 10:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\Publisher4.INI
    [2009.02.10 16:20:57 | 000,000,581 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\WinHaBuLog.txt
    [2009.02.08 16:26:11 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009.02.08 16:26:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009.02.08 16:26:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009.02.07 20:43:05 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009.01.24 14:25:59 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
    [2009.01.01 13:59:56 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009.01.01 13:59:56 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2008.12.13 13:09:11 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\AA96686141.sys
    [2008.12.13 13:04:53 | 000,003,922 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2008.11.28 18:35:42 | 000,000,000 | ---- | C] () -- C:\Windows\WinPM.INI
    [2008.11.27 13:37:03 | 003,870,720 | ---- | C] () -- C:\Windows\System32\qt-mt323.dll
    [2008.11.12 01:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
    [2008.11.11 17:43:47 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2008.11.11 15:19:45 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
    [2008.11.11 15:07:35 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
    [2008.11.11 15:07:35 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
    [2008.11.11 14:59:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007.04.26 14:16:32 | 000,000,568 | ---- | C] () -- C:\Windows\ses80.ini
    [2007.02.16 00:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
    [2006.11.30 01:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
    [2006.10.09 18:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
    [2006.06.07 19:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
    [2006.03.27 17:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
    [2006.03.07 17:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
    [2002.07.03 14:03:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\WB3.dll
    [1999.12.06 23:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
     
    ========== LOP Check ==========
     
    [2011.01.17 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2009.10.31 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\AceBIT
    [2010.05.03 14:02:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Aston2
    [2010.10.26 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Auftrags-MANAGER
    [2009.11.28 03:35:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Azureus
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BinarySense
    [2011.01.17 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BitTorrent
    [2010.05.20 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BlueShot
    [2009.11.16 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Blumentals
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Bullzip
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CombiFinanz
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CompanionLink
    [2010.06.20 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformular
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DAEMON Tools Pro
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DDWidget
    [2011.01.18 00:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Desktopicon
    [2010.07.23 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\digital publishing
    [2009.12.22 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Downloaded Installations
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DriverCure
    [2010.06.12 09:41:33 | 000,000,000 | -H-D | M] -- C:\Users\Mirko\AppData\Roaming\drivers
    [2010.05.19 08:39:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\FileZilla
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Foxit
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\GST
    [2009.12.12 03:32:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\gtk-2.0
    [2010.04.20 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\hastasoft
    [2011.01.08 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\IBP
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\invendio Client
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Itsth
    [2010.04.09 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JAM Software
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JonDo
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\julitec
    [2011.01.09 16:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Local
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\LogoMaker
    [2010.09.28 00:09:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Magic Collage
    [2009.12.21 07:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAGIX
    [2009.11.11 09:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAP&GUIDE
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MiniDm
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Musicmatch
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MusicNet
    [2010.02.05 10:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Nitro PDF
    [2009.11.15 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Opera
    [2009.10.31 17:55:29 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\PeerNetworking
    [2010.01.08 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Qpur
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\ScanSoft
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Scendix Software
    [2010.01.08 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Setup
    [2009.10.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SmartTools
    [2010.06.14 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Softland
    [2009.10.31 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SolidDocuments
    [2009.11.02 16:16:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\thecleaner
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Thunderbird
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TomTom
    [2011.01.17 03:09:07 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TuneUp Software
    [2009.12.26 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Typing Assistant (German) 5.1
    [2009.11.08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uniblue
    [2010.01.08 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uninstal
    [2010.12.02 06:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Verbindungsassistent
    [2010.04.13 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Vodafone
    [2009.10.31 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Zeon
    [2011.01.10 15:11:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
    [2011.01.18 09:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E0258CAE
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0DB6FB53
    
    < End of report >

  8. #8
    Beginner
    Registered since
    17.01.2011
    Posts
    19

    Re: Hijack.log

    I had forgotten to tick the checkboxes for LOP and Purity

    Code:
     
    OTL logfile created on: 18.01.2011 09:50:12 - Run 2
    OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\Mirko\Downloads
     Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
    3,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free
    Paging file location(s):  [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 79,05 Gb Total Space | 21,35 Gb Free Space | 27,00% Space Free | Partition Type: NTFS
    Drive E: | 23,69 Gb Total Space | 6,06 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
    Drive G: | 21,86 Gb Total Space | 11,05 Gb Free Space | 50,54% Space Free | Partition Type: NTFS
    Drive H: | 15,66 Mb Total Space | 5,91 Mb Free Space | 37,77% Space Free | Partition Type: NTFS
    Drive I: | 10,98 Gb Total Space | 5,36 Gb Free Space | 48,81% Space Free | Partition Type: NTFS
    Drive J: | 1,89 Gb Total Space | 1,83 Gb Free Space | 97,05% Space Free | Partition Type: FAT
     
    Computer Name: MIRKOLAPTOP | User Name: Mirko | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2011.01.18 09:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
    PRC - [2011.01.15 16:50:46 | 000,238,960 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe
    PRC - [2010.12.14 15:34:20 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    PRC - [2010.12.14 15:32:52 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    PRC - [2010.12.11 01:11:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010.12.01 08:31:05 | 000,330,696 | ---- | M] () -- C:\Program Files\Verbindungsassistent\WTGService.exe
    PRC - [2010.10.23 00:45:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Mirko\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010.08.25 19:45:38 | 000,179,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
    PRC - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
    PRC - [2009.12.20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe
    PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
    PRC - [2009.12.16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009.05.20 07:12:06 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
    PRC - [2008.09.29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2008.09.29 09:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2008.09.29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2008.09.29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2008.09.29 09:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2008.09.29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    PRC - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008.05.22 18:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
    PRC - [2008.04.17 16:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
    PRC - [2008.03.14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2008.03.14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2007.07.05 08:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    PRC - [2007.02.08 23:50:33 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2011.01.18 09:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
    MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] --  -- (BroadCamService)
    SRV - [2010.12.20 01:10:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010.12.14 15:32:52 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010.12.14 15:30:46 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010.12.01 08:31:05 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
    SRV - [2010.11.02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
    SRV - [2009.12.20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
    SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2009.12.16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2009.11.18 14:31:36 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2009.11.14 12:02:33 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009.11.01 08:28:44 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
    SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009.05.20 07:12:06 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
    SRV - [2008.09.29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2008.09.29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2008.09.29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2008.09.29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008.03.14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007.02.08 23:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2010.08.25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2010.08.19 21:08:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2010.06.10 02:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009.11.18 14:09:08 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009.09.23 02:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2009.09.23 02:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2009.09.23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2009.09.23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
    DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009.07.14 00:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
    DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
    DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
    DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009.07.13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009.04.20 16:13:53 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
    DRV - [2009.04.19 13:05:54 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV57.sys -- (SSHDRV57)
    DRV - [2009.01.11 18:18:38 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008.09.29 09:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008.09.29 09:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2008.09.29 09:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2008.09.29 09:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2008.09.29 09:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008.09.29 09:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2008.07.24 10:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008.06.05 17:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
    DRV - [2008.04.18 00:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008.04.04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)
    DRV - [2008.02.15 15:52:02 | 000,018,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\biont_bs.sys -- (BioNT_BS)
    DRV - [2007.11.06 09:58:50 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
    DRV - [2007.11.06 09:58:50 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
    DRV - [2007.11.03 12:21:02 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2007.10.26 22:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006.11.14 10:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849855
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.12 09:04:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.09 16:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.09 16:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.28 20:07:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 16:56:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.28 20:07:33 | 000,000,000 | ---D | M]
     
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions
    [2009.10.15 10:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009.06.17 14:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2010.06.08 05:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.01.19 09:44:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20}
    [2010.05.17 11:59:51 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2011.01.18 00:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions
    [2010.04.29 06:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010.09.10 19:43:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011.01.17 16:43:15 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
    [2011.01.06 16:11:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011.01.06 16:11:27 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
    [2010.02.03 10:51:45 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
    [2011.01.17 16:43:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\engine@conduit.com
    [2010.05.17 11:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\9owkdpe0.default\extensions
    [2010.05.17 11:59:55 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\9owkdpe0.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.05.17 11:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\p71gb2pa.default\extensions
    [2010.05.17 11:59:56 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\p71gb2pa.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.08.23 14:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009.10.31 17:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    [2009.10.31 17:23:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    [2010.05.24 23:16:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.08.23 14:40:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2008.09.29 09:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2008.10.19 10:58:22 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
    [2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2008.09.10 02:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
    [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.09.20 23:04:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.06.01 07:27:52 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2010.09.20 23:04:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.09.20 23:04:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2009.11.01 12:27:13 | 000,002,817 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SiteVacuum.xml
    [2010.09.20 23:04:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.09.20 23:04:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.11.12 09:38:07 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O1 - Hosts: 127.0.0.1				activate.adobe.com
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (T1) - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\Program Files\Langenscheidt T1 6_0\Engine\mte\StdAlone\T1IE.dll (Comprendium Lingua GmbH.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260583483871 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\MIRKO\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{94f74c1c-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c23-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c29-471b-11df-9257-82b645f02e2e}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a4035-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{ea8dd3ca-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{f43b1fd6-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\{f43b1fd8-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk /r \??\L:) -  File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\Paragon Software\Partition Manager 9.0 Professional\bluescrn\bluescrn.exe) - C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\bluescrn.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011.01.17 20:34:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.01.17 20:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
    [2011.01.17 20:34:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.01.17 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.01.17 16:28:14 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2011.01.17 16:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\123 Free Solitaire
    [2011.01.17 16:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\123 Free Solitaire
    [2011.01.17 03:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\TuneUp Utilities 2011
    [2011.01.17 03:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
    [2011.01.12 00:20:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
    [2011.01.12 00:20:15 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2011.01.12 00:20:15 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011.01.12 00:20:15 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2011.01.12 00:20:15 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2011.01.12 00:20:15 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011.01.12 00:20:14 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
    [2011.01.12 00:20:14 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011.01.12 00:20:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2011.01.12 00:20:14 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011.01.12 00:20:14 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2011.01.12 00:20:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2011.01.12 00:20:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2011.01.10 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011.01.09 16:56:54 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\Local
    [2011.01.09 16:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DivX Plus
    [2011.01.09 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2011.01.09 07:04:18 | 000,000,000 | ---D | C] -- C:\Users\Mirko\Desktop\LUSTIG
    [2011.01.08 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\HiYo
    [2011.01.08 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HiYo
    [2011.01.08 13:41:19 | 000,675,840 | ---- | C] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.28 20:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
    [2010.12.28 20:09:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
    [2010.12.28 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010.12.28 20:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010.12.28 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
    [2010.12.28 20:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010.12.28 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010.12.28 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010.12.23 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentral_1vEI
    [2010.12.20 01:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Microsoft Silverlight
    [2010.12.20 01:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010.12.20 01:10:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2010.09.28 00:07:54 | 000,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
    [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009.11.07 10:45:19 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
    [2009.11.07 10:45:18 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
    [2009.11.07 10:45:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
    [2009.11.07 10:45:17 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
    [2009.11.07 10:45:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
    [2009.11.07 10:45:17 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
    [2009.11.07 10:45:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
    [2009.11.07 10:45:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
    [2009.11.07 10:45:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
    [2009.11.07 10:45:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
    [2009.11.07 10:45:13 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
    [2006.11.24 22:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
    [2006.11.24 22:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011.01.18 09:50:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000UA.job
    [2011.01.18 09:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
    [2011.01.18 09:05:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.01.18 01:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000Core.job
    [2011.01.18 01:05:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:31:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011.01.18 00:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.01.18 00:31:28 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011.01.17 20:34:57 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 14:44:19 | 000,000,114 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
    [2011.01.17 10:41:27 | 000,032,767 | ---- | M] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:27:33 | 000,006,087 | ---- | M] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | M] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:11:14 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | M] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.14 18:36:51 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.13 00:50:40 | 000,002,269 | ---- | M] () -- C:\Users\Mirko\Desktop\Google Chrome.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 21:05:58 | 000,842,548 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2011.01.08 21:05:58 | 000,711,012 | ---- | M] () -- C:\Windows\System32\perfh019.dat
    [2011.01.08 21:05:58 | 000,694,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2011.01.08 21:05:58 | 000,649,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.01.08 21:05:58 | 000,189,366 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2011.01.08 21:05:58 | 000,147,498 | ---- | M] () -- C:\Windows\System32\perfc019.dat
    [2011.01.08 21:05:58 | 000,146,666 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2011.01.08 21:05:58 | 000,119,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.01.08 16:29:58 | 000,051,633 | ---- | M] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:15 | 000,024,449 | ---- | M] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | M] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:15 | 000,002,080 | ---- | M] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:42 | 000,115,672 | ---- | M] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:53 | 000,227,769 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | M] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:31 | 000,013,998 | ---- | M] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.23 21:54:20 | 000,675,840 | ---- | M] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.22 15:22:00 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
    [2010.12.21 21:14:50 | 000,455,266 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011.01.17 20:34:57 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 10:41:17 | 000,032,767 | ---- | C] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:24:14 | 000,006,087 | ---- | C] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | C] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:09:17 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | C] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.10 16:14:31 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 16:29:57 | 000,051,633 | ---- | C] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:14 | 000,024,449 | ---- | C] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | C] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:12 | 000,002,080 | ---- | C] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:39 | 000,115,672 | ---- | C] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:49 | 000,227,769 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | C] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:28 | 000,013,998 | ---- | C] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.21 21:14:42 | 000,455,266 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.09.26 19:54:44 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010.06.01 07:27:59 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2010.04.20 13:17:33 | 000,000,111 | ---- | C] () -- C:\Windows\WinPlace.INI
    [2010.02.28 19:16:51 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
    [2010.02.20 14:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010.02.20 14:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010.02.08 19:15:47 | 000,000,041 | ---- | C] () -- C:\ProgramData\trfntw32.cfg
    [2010.01.19 11:33:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010.01.19 10:12:57 | 000,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater6.rbt
    [2010.01.05 08:25:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009.12.21 08:13:38 | 000,009,374 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformulartemp.htm
    [2009.12.21 07:43:16 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
    [2009.12.21 07:41:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.12.15 17:13:41 | 000,004,096 | -H-- | C] () -- C:\Users\Mirko\AppData\Local\keyfile3.drm
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
    [2009.12.02 17:09:54 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2009.12.02 17:09:54 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
    [2009.12.02 17:09:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2009.11.29 11:26:51 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini
    [2009.11.24 20:44:17 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009.11.24 20:44:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\074B8C1AA7.sys
    [2009.11.17 13:25:45 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
    [2009.11.17 13:24:39 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2009.11.17 08:29:55 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
    [2009.11.17 08:29:54 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2009.11.13 13:52:03 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
    [2009.11.13 11:10:43 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009.11.10 14:42:17 | 000,007,680 | ---- | C] () -- C:\Users\Mirko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.11.08 17:40:59 | 000,007,604 | ---- | C] () -- C:\Users\Mirko\AppData\Local\Resmon.ResmonCfg
    [2009.11.07 10:49:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
    [2009.11.07 10:47:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
    [2009.11.07 10:45:19 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
    [2009.11.07 10:25:58 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009.11.07 10:01:04 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2009.10.31 18:18:41 | 000,000,566 | ---- | C] () -- C:\ProgramData\ntuser.pol
    [2009.10.15 01:05:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
    [2009.10.15 01:02:09 | 000,000,309 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
    [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009.07.04 07:29:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.06.17 12:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009.04.19 13:05:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV57.sys
    [2009.04.17 08:01:05 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
    [2009.04.07 15:25:30 | 000,039,950 | ---- | C] () -- C:\Windows\php.ini
    [2009.03.31 19:00:05 | 000,001,125 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009.03.27 05:46:21 | 000,024,085 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\UserTile.png
    [2009.03.26 18:38:47 | 000,000,490 | ---- | C] () -- C:\Windows\my.ini
    [2009.03.24 21:55:08 | 000,000,283 | ---- | C] () -- C:\Windows\netop.ini
    [2009.03.23 14:52:34 | 000,021,248 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
    [2009.03.23 14:52:34 | 000,013,568 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
    [2009.03.20 12:33:47 | 000,024,962 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
    [2009.03.19 19:32:57 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2009.03.19 17:18:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.03.17 17:43:36 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
    [2009.03.10 21:37:34 | 000,038,434 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Access 97-2003.ADR
    [2009.02.16 10:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\Publisher4.INI
    [2009.02.10 16:20:57 | 000,000,581 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\WinHaBuLog.txt
    [2009.02.08 16:26:11 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009.02.08 16:26:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009.02.08 16:26:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009.02.07 20:43:05 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009.01.24 14:25:59 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
    [2009.01.01 13:59:56 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009.01.01 13:59:56 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2008.12.13 13:09:11 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\AA96686141.sys
    [2008.12.13 13:04:53 | 000,003,922 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2008.11.28 18:35:42 | 000,000,000 | ---- | C] () -- C:\Windows\WinPM.INI
    [2008.11.27 13:37:03 | 003,870,720 | ---- | C] () -- C:\Windows\System32\qt-mt323.dll
    [2008.11.12 01:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
    [2008.11.11 17:43:47 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2008.11.11 15:19:45 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
    [2008.11.11 15:07:35 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
    [2008.11.11 15:07:35 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
    [2008.11.11 14:59:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007.04.26 14:16:32 | 000,000,568 | ---- | C] () -- C:\Windows\ses80.ini
    [2007.02.16 00:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
    [2006.11.30 01:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
    [2006.10.09 18:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
    [2006.06.07 19:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
    [2006.03.27 17:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
    [2006.03.07 17:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
    [2002.07.03 14:03:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\WB3.dll
    [1999.12.06 23:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
     
    ========== LOP Check ==========
     
    [2011.01.17 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2009.10.31 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\AceBIT
    [2010.05.03 14:02:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Aston2
    [2010.10.26 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Auftrags-MANAGER
    [2009.11.28 03:35:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Azureus
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BinarySense
    [2011.01.17 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BitTorrent
    [2010.05.20 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BlueShot
    [2009.11.16 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Blumentals
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Bullzip
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CombiFinanz
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CompanionLink
    [2010.06.20 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformular
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DAEMON Tools Pro
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DDWidget
    [2011.01.18 00:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Desktopicon
    [2010.07.23 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\digital publishing
    [2009.12.22 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Downloaded Installations
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DriverCure
    [2010.06.12 09:41:33 | 000,000,000 | -H-D | M] -- C:\Users\Mirko\AppData\Roaming\drivers
    [2010.05.19 08:39:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\FileZilla
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Foxit
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\GST
    [2009.12.12 03:32:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\gtk-2.0
    [2010.04.20 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\hastasoft
    [2011.01.08 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\IBP
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\invendio Client
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Itsth
    [2010.04.09 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JAM Software
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JonDo
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\julitec
    [2011.01.09 16:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Local
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\LogoMaker
    [2010.09.28 00:09:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Magic Collage
    [2009.12.21 07:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAGIX
    [2009.11.11 09:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAP&GUIDE
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MiniDm
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Musicmatch
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MusicNet
    [2010.02.05 10:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Nitro PDF
    [2009.11.15 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Opera
    [2009.10.31 17:55:29 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\PeerNetworking
    [2010.01.08 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Qpur
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\ScanSoft
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Scendix Software
    [2010.01.08 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Setup
    [2009.10.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SmartTools
    [2010.06.14 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Softland
    [2009.10.31 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SolidDocuments
    [2009.11.02 16:16:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\thecleaner
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Thunderbird
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TomTom
    [2011.01.17 03:09:07 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TuneUp Software
    [2009.12.26 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Typing Assistant (German) 5.1
    [2009.11.08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uniblue
    [2010.01.08 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uninstal
    [2010.12.02 06:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Verbindungsassistent
    [2010.04.13 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Vodafone
    [2009.10.31 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Zeon
    [2011.01.10 15:11:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
    [2011.01.18 09:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E0258CAE
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0DB6FB53
    
    < End of report >

  9. #9
    Beginner
    Registered since
    17.01.2011
    Posts
    19

    Re: Hijack.log

    I had forgotten to tick the checkboxes for LOP and Purity.

    Code:
     
    OTL logfile created on: 18.01.2011 09:50:12 - Run 2
    OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\Mirko\Downloads
     Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
    3,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free
    Paging file location(s):  [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 79,05 Gb Total Space | 21,35 Gb Free Space | 27,00% Space Free | Partition Type: NTFS
    Drive E: | 23,69 Gb Total Space | 6,06 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
    Drive G: | 21,86 Gb Total Space | 11,05 Gb Free Space | 50,54% Space Free | Partition Type: NTFS
    Drive H: | 15,66 Mb Total Space | 5,91 Mb Free Space | 37,77% Space Free | Partition Type: NTFS
    Drive I: | 10,98 Gb Total Space | 5,36 Gb Free Space | 48,81% Space Free | Partition Type: NTFS
    Drive J: | 1,89 Gb Total Space | 1,83 Gb Free Space | 97,05% Space Free | Partition Type: FAT
     
    Computer Name: MIRKOLAPTOP | User Name: Mirko | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2011.01.18 09:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
    PRC - [2011.01.15 16:50:46 | 000,238,960 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe
    PRC - [2010.12.14 15:34:20 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    PRC - [2010.12.14 15:32:52 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    PRC - [2010.12.11 01:11:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010.12.01 08:31:05 | 000,330,696 | ---- | M] () -- C:\Program Files\Verbindungsassistent\WTGService.exe
    PRC - [2010.10.23 00:45:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Mirko\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010.08.25 19:45:38 | 000,179,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
    PRC - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
    PRC - [2009.12.20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe
    PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
    PRC - [2009.12.16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009.05.20 07:12:06 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
    PRC - [2008.09.29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2008.09.29 09:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2008.09.29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2008.09.29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2008.09.29 09:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2008.09.29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    PRC - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008.05.22 18:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
    PRC - [2008.04.17 16:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
    PRC - [2008.03.14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2008.03.14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2007.07.05 08:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    PRC - [2007.02.08 23:50:33 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2011.01.18 09:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
    MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] --  -- (BroadCamService)
    SRV - [2010.12.20 01:10:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010.12.14 15:32:52 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010.12.14 15:30:46 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010.12.01 08:31:05 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
    SRV - [2010.11.02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
    SRV - [2009.12.20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
    SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2009.12.16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2009.11.18 14:31:36 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2009.11.14 12:02:33 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009.11.01 08:28:44 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
    SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009.05.20 07:12:06 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
    SRV - [2008.09.29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2008.09.29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2008.09.29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2008.09.29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008.03.14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007.02.08 23:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2010.08.25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2010.08.19 21:08:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2010.06.10 02:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009.11.18 14:09:08 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009.09.23 02:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2009.09.23 02:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2009.09.23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2009.09.23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM)
    DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009.07.14 00:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB)
    DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell)
    DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell)
    DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009.07.13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009.04.20 16:13:53 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
    DRV - [2009.04.19 13:05:54 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV57.sys -- (SSHDRV57)
    DRV - [2009.01.11 18:18:38 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008.09.29 09:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008.09.29 09:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2008.09.29 09:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2008.09.29 09:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2008.09.29 09:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008.09.29 09:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2008.07.24 10:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008.06.05 17:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
    DRV - [2008.04.18 00:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008.04.04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)
    DRV - [2008.02.15 15:52:02 | 000,018,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\biont_bs.sys -- (BioNT_BS)
    DRV - [2007.11.06 09:58:50 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
    DRV - [2007.11.06 09:58:50 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
    DRV - [2007.11.03 12:21:02 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2007.10.26 22:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006.11.14 10:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849855
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.12 09:04:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.09 16:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.09 16:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.28 20:07:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 16:56:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.28 20:07:33 | 000,000,000 | ---D | M]
     
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions
    [2009.10.15 10:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009.06.17 14:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2010.06.08 05:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.01.19 09:44:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20}
    [2010.05.17 11:59:51 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\1zxn1pic.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2011.01.18 00:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions
    [2010.04.29 06:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010.09.10 19:43:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011.01.17 16:43:15 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
    [2011.01.06 16:11:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011.01.06 16:11:27 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
    [2010.02.03 10:51:45 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
    [2011.01.17 16:43:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\3byk5pam.default\extensions\engine@conduit.com
    [2010.05.17 11:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\9owkdpe0.default\extensions
    [2010.05.17 11:59:55 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\9owkdpe0.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.05.17 11:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\p71gb2pa.default\extensions
    [2010.05.17 11:59:56 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\p71gb2pa.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.08.23 14:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009.10.31 17:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    [2009.10.31 17:23:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    [2010.05.24 23:16:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.08.23 14:40:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2008.09.29 09:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2008.10.19 10:58:22 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
    [2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2008.09.10 02:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
    [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.09.20 23:04:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.06.01 07:27:52 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2010.09.20 23:04:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.09.20 23:04:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2009.11.01 12:27:13 | 000,002,817 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SiteVacuum.xml
    [2010.09.20 23:04:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.09.20 23:04:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.11.12 09:38:07 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O1 - Hosts: 127.0.0.1				activate.adobe.com
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (T1) - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\Program Files\Langenscheidt T1 6_0\Engine\mte\StdAlone\T1IE.dll (Comprendium Lingua GmbH.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260583483871 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\MIRKO\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{94f74c1c-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c23-471b-11df-9257-b0c76291e33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f74c29-471b-11df-9257-82b645f02e2e}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a4035-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb4a403b-4d7d-11df-a517-a7acb9919a0f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{ea8dd3ca-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8dd3cc-5295-11df-a5a2-8081f670c157}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{f43b1fd6-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\{f43b1fd8-51c3-11df-8fc2-a1ca97e0760a}\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk /r \??\L:) -  File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\Paragon Software\Partition Manager 9.0 Professional\bluescrn\bluescrn.exe) - C:\Program Files\Paragon Software\Partition Manager 9.0 Professional\BlueScrn\bluescrn.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011.01.17 20:34:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.01.17 20:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
    [2011.01.17 20:34:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.01.17 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.01.17 16:28:14 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2011.01.17 16:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\123 Free Solitaire
    [2011.01.17 16:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\123 Free Solitaire
    [2011.01.17 03:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\TuneUp Utilities 2011
    [2011.01.17 03:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
    [2011.01.12 00:20:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
    [2011.01.12 00:20:15 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2011.01.12 00:20:15 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011.01.12 00:20:15 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2011.01.12 00:20:15 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2011.01.12 00:20:15 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011.01.12 00:20:14 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
    [2011.01.12 00:20:14 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011.01.12 00:20:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2011.01.12 00:20:14 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011.01.12 00:20:14 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2011.01.12 00:20:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2011.01.12 00:20:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2011.01.10 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011.01.09 16:56:54 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\Local
    [2011.01.09 16:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DivX Plus
    [2011.01.09 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2011.01.09 07:04:18 | 000,000,000 | ---D | C] -- C:\Users\Mirko\Desktop\LUSTIG
    [2011.01.08 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HiYo
    [2011.01.08 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\HiYo
    [2011.01.08 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HiYo
    [2011.01.08 13:41:19 | 000,675,840 | ---- | C] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.28 20:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
    [2010.12.28 20:09:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
    [2010.12.28 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010.12.28 20:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010.12.28 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
    [2010.12.28 20:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010.12.28 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010.12.28 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010.12.23 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentral_1vEI
    [2010.12.20 01:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Microsoft Silverlight
    [2010.12.20 01:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010.12.20 01:10:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2010.09.28 00:07:54 | 000,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
    [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009.11.07 10:45:19 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
    [2009.11.07 10:45:18 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
    [2009.11.07 10:45:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
    [2009.11.07 10:45:17 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
    [2009.11.07 10:45:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
    [2009.11.07 10:45:17 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
    [2009.11.07 10:45:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
    [2009.11.07 10:45:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
    [2009.11.07 10:45:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
    [2009.11.07 10:45:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
    [2009.11.07 10:45:13 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
    [2006.11.24 22:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
    [2006.11.24 22:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011.01.18 09:50:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000UA.job
    [2011.01.18 09:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
    [2011.01.18 09:05:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.01.18 01:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170566125-536363276-934253545-1000Core.job
    [2011.01.18 01:05:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:36:46 | 000,023,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.18 00:31:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011.01.18 00:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.01.18 00:31:28 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011.01.17 20:34:57 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 14:44:19 | 000,000,114 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
    [2011.01.17 10:41:27 | 000,032,767 | ---- | M] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:27:33 | 000,006,087 | ---- | M] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | M] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:11:14 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | M] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.14 18:36:51 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.13 00:50:40 | 000,002,269 | ---- | M] () -- C:\Users\Mirko\Desktop\Google Chrome.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 21:05:58 | 000,842,548 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2011.01.08 21:05:58 | 000,711,012 | ---- | M] () -- C:\Windows\System32\perfh019.dat
    [2011.01.08 21:05:58 | 000,694,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2011.01.08 21:05:58 | 000,649,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.01.08 21:05:58 | 000,189,366 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2011.01.08 21:05:58 | 000,147,498 | ---- | M] () -- C:\Windows\System32\perfc019.dat
    [2011.01.08 21:05:58 | 000,146,666 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2011.01.08 21:05:58 | 000,119,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.01.08 16:29:58 | 000,051,633 | ---- | M] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:15 | 000,024,449 | ---- | M] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | M] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:15 | 000,002,080 | ---- | M] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:42 | 000,115,672 | ---- | M] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:53 | 000,227,769 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | M] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:31 | 000,013,998 | ---- | M] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.23 21:54:20 | 000,675,840 | ---- | M] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
    [2010.12.22 15:22:00 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
    [2010.12.21 21:14:50 | 000,455,266 | ---- | M] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011.01.17 20:34:57 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.17 16:27:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
    [2011.01.17 10:41:17 | 000,032,767 | ---- | C] () -- C:\Users\Mirko\Desktop\Lohnabrechnung Morser 12-2010.pdf
    [2011.01.17 10:24:14 | 000,006,087 | ---- | C] () -- C:\Users\Mirko\Desktop\umsaetze-6721403.pdf
    [2011.01.17 10:18:40 | 000,016,133 | ---- | C] () -- C:\Users\Mirko\Desktop\2011-01-17_10.12_6721403_Kontoauszug_Nr._1.pdf
    [2011.01.17 03:09:17 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
    [2011.01.14 21:14:12 | 000,068,204 | ---- | C] () -- C:\Users\Mirko\Desktop\Svetlana Muravievas Profil – Windows Live.pdf
    [2011.01.10 16:14:31 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011.01.09 16:56:43 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011.01.09 16:52:40 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011.01.08 16:29:57 | 000,051,633 | ---- | C] () -- C:\Users\Mirko\Desktop\b043d9c2.jpg
    [2011.01.04 08:54:14 | 000,024,449 | ---- | C] () -- C:\Users\Mirko\Desktop\Erklärung.docx
    [2011.01.03 16:31:13 | 000,400,177 | ---- | C] () -- C:\Users\Mirko\Desktop\visumantrag-schen-ru-de.pdf
    [2011.01.03 12:54:12 | 000,002,080 | ---- | C] () -- C:\Users\Mirko\Desktop\a_r_s_c_h.gif
    [2011.01.02 13:05:39 | 000,115,672 | ---- | C] () -- C:\Users\Mirko\Desktop\honda.jpg
    [2010.12.30 16:04:49 | 000,227,769 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_1237.JPG
    [2010.12.30 15:38:15 | 000,053,016 | ---- | C] () -- C:\Users\Mirko\Desktop\vollmacht_anmeldung_eheschliessung.pdf
    [2010.12.28 20:09:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.12.28 20:07:25 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010.12.28 16:19:28 | 000,013,998 | ---- | C] () -- C:\Users\Mirko\Desktop\kirmet.jpg
    [2010.12.21 21:14:42 | 000,455,266 | ---- | C] () -- C:\Users\Mirko\Desktop\SAM_0188.JPG
    [2010.09.26 19:54:44 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010.06.01 07:27:59 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2010.04.20 13:17:33 | 000,000,111 | ---- | C] () -- C:\Windows\WinPlace.INI
    [2010.02.28 19:16:51 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
    [2010.02.20 14:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010.02.20 14:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010.02.08 19:15:47 | 000,000,041 | ---- | C] () -- C:\ProgramData\trfntw32.cfg
    [2010.01.19 11:33:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010.01.19 10:12:57 | 000,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater6.rbt
    [2010.01.05 08:25:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009.12.21 08:13:38 | 000,009,374 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformulartemp.htm
    [2009.12.21 07:43:16 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
    [2009.12.21 07:41:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.12.15 17:13:41 | 000,004,096 | -H-- | C] () -- C:\Users\Mirko\AppData\Local\keyfile3.drm
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
    [2009.12.02 17:09:54 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
    [2009.12.02 17:09:54 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2009.12.02 17:09:54 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
    [2009.12.02 17:09:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2009.11.29 11:26:51 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini
    [2009.11.24 20:44:17 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009.11.24 20:44:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\074B8C1AA7.sys
    [2009.11.17 13:25:45 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
    [2009.11.17 13:24:39 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2009.11.17 08:29:55 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
    [2009.11.17 08:29:54 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2009.11.13 13:52:03 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
    [2009.11.13 11:10:43 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009.11.10 14:42:17 | 000,007,680 | ---- | C] () -- C:\Users\Mirko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.11.08 17:40:59 | 000,007,604 | ---- | C] () -- C:\Users\Mirko\AppData\Local\Resmon.ResmonCfg
    [2009.11.07 10:49:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
    [2009.11.07 10:47:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
    [2009.11.07 10:45:19 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
    [2009.11.07 10:45:18 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
    [2009.11.07 10:25:58 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009.11.07 10:01:04 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2009.10.31 18:18:41 | 000,000,566 | ---- | C] () -- C:\ProgramData\ntuser.pol
    [2009.10.15 01:05:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
    [2009.10.15 01:02:09 | 000,000,309 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
    [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009.07.04 07:29:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.06.17 12:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009.04.19 13:05:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV57.sys
    [2009.04.17 08:01:05 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
    [2009.04.07 15:25:30 | 000,039,950 | ---- | C] () -- C:\Windows\php.ini
    [2009.03.31 19:00:05 | 000,001,125 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009.03.27 05:46:21 | 000,024,085 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\UserTile.png
    [2009.03.26 18:38:47 | 000,000,490 | ---- | C] () -- C:\Windows\my.ini
    [2009.03.24 21:55:08 | 000,000,283 | ---- | C] () -- C:\Windows\netop.ini
    [2009.03.23 14:52:34 | 000,021,248 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
    [2009.03.23 14:52:34 | 000,013,568 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
    [2009.03.20 12:33:47 | 000,024,962 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
    [2009.03.19 19:32:57 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2009.03.19 17:18:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.03.17 17:43:36 | 000,024,958 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
    [2009.03.10 21:37:34 | 000,038,434 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\Microsoft Access 97-2003.ADR
    [2009.02.16 10:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\Publisher4.INI
    [2009.02.10 16:20:57 | 000,000,581 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\WinHaBuLog.txt
    [2009.02.08 16:26:11 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009.02.08 16:26:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009.02.08 16:26:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009.02.07 20:43:05 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009.01.24 14:25:59 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
    [2009.01.01 13:59:56 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009.01.01 13:59:56 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2008.12.13 13:09:11 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\AA96686141.sys
    [2008.12.13 13:04:53 | 000,003,922 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2008.11.28 18:35:42 | 000,000,000 | ---- | C] () -- C:\Windows\WinPM.INI
    [2008.11.27 13:37:03 | 003,870,720 | ---- | C] () -- C:\Windows\System32\qt-mt323.dll
    [2008.11.12 01:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
    [2008.11.11 17:43:47 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2008.11.11 15:19:45 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
    [2008.11.11 15:07:35 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
    [2008.11.11 15:07:35 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
    [2008.11.11 14:59:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007.04.26 14:16:32 | 000,000,568 | ---- | C] () -- C:\Windows\ses80.ini
    [2007.02.16 00:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
    [2006.11.30 01:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
    [2006.10.09 18:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
    [2006.06.07 19:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
    [2006.03.27 17:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
    [2006.03.07 17:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
    [2006.01.10 23:11:05 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
    [2002.07.03 14:03:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\WB3.dll
    [1999.12.06 23:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
     
    ========== LOP Check ==========
     
    [2011.01.17 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\123 Free Solitaire
    [2009.10.31 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\AceBIT
    [2010.05.03 14:02:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Aston2
    [2010.10.26 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Auftrags-MANAGER
    [2009.11.28 03:35:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Azureus
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BinarySense
    [2011.01.17 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BitTorrent
    [2010.05.20 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\BlueShot
    [2009.11.16 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Blumentals
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Bullzip
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CombiFinanz
    [2009.10.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\CompanionLink
    [2010.06.20 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DA-Bestellformular
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DAEMON Tools Pro
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DDWidget
    [2011.01.18 00:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Desktopicon
    [2010.07.23 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\digital publishing
    [2009.12.22 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Downloaded Installations
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\DriverCure
    [2010.06.12 09:41:33 | 000,000,000 | -H-D | M] -- C:\Users\Mirko\AppData\Roaming\drivers
    [2010.05.19 08:39:21 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\FileZilla
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Foxit
    [2009.10.31 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\GST
    [2009.12.12 03:32:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\gtk-2.0
    [2010.04.20 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\hastasoft
    [2011.01.08 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\HiYo
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\IBP
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\invendio Client
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Itsth
    [2010.04.09 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JAM Software
    [2009.10.31 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\JonDo
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\julitec
    [2011.01.09 16:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Local
    [2009.10.31 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\LogoMaker
    [2010.09.28 00:09:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Magic Collage
    [2009.12.21 07:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAGIX
    [2009.11.11 09:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MAP&GUIDE
    [2009.10.31 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MiniDm
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Musicmatch
    [2009.10.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\MusicNet
    [2010.02.05 10:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Nitro PDF
    [2009.11.15 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Opera
    [2009.10.31 17:55:29 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\PeerNetworking
    [2010.01.08 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Qpur
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\ScanSoft
    [2009.10.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Scendix Software
    [2010.01.08 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Setup
    [2009.10.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SmartTools
    [2010.06.14 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Softland
    [2009.10.31 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\SolidDocuments
    [2009.11.02 16:16:57 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\thecleaner
    [2010.01.13 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Thunderbird
    [2010.09.13 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TomTom
    [2011.01.17 03:09:07 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TuneUp Software
    [2009.12.26 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Typing Assistant (German) 5.1
    [2009.11.08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uniblue
    [2010.01.08 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Uninstal
    [2010.12.02 06:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Verbindungsassistent
    [2010.04.13 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Vodafone
    [2009.10.31 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Zeon
    [2011.01.10 15:11:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.01.18 00:37:10 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
    [2011.01.18 09:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52DF77FC-9137-461D-A6F9-7FB568F1EFD8}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E0258CAE
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0DB6FB53
    
    < End of report >

  10. #10
    Moderator (global), team member: kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29,800

    Re: Hijack.log

    By "further steps" I meant working through from here whatever is still missing: -> http://www.hijackthis-forum.de/hijac...tml#post348125
    Warning!:
    Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
    Please pass this warning on wherever you can!
