Browse to save

**oldman960** · 2013-01-21, 11:31

Hi disneykiller,

If you had to google it it's unlikely you knowingly installed it. It does seem to go hand in hand with some of the adware you had on your computer. We can take care of it.

Let's see what's left.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the box beside "scan all users"
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt, no Extras.Txt this time.

**disneykiller** · 2013-01-21, 13:03

Here we go: part 1

OTL logfile created on: 21.01.2013 12:22:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,79 Gb Total Physical Memory | 5,72 Gb Available Physical Memory | 73,41% Memory free
15,57 Gb Paging File | 12,97 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108,05 Gb Total Space | 19,73 Gb Free Space | 18,26% Space Free | Partition Type: NTFS
Drive D: | 798,17 Gb Total Space | 511,66 Gb Free Space | 64,10% Space Free | Partition Type: NTFS
Drive E: | 7,39 Gb Total Space | 6,83 Gb Free Space | 92,32% Space Free | Partition Type: FAT32

Computer Name: DISNEYKILLER | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Martin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung Electronics CO., LTD.)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
PRC - C:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Everything\Everything.exe ()

========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabDRS.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabscw.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabcaps.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Everything\Everything.exe ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WTabletServiceCon) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV:64bit: - (lmab_device) -- C:\Windows\SysNative\lmabcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (CronService) -- C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (lmab_device) -- C:\Windows\SysWOW64\lmabcoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DLPortIO) -- C:\windows\SysWow64\drivers\dlportio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5C74A4D5-B8EB-48D7-B3A7-A274701ED6D3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14&q={searchTerms}
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://startpage.com/"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bfbfbcf27-b313-47a9-987d-4e1e320afa25%7D:2.0
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.321
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.2
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@jazz-soft.com/JazzPlugin: C:\Program Files (x86)\Jazz-Soft\Jazz-Plugin\npJazz.dll (Jazz-Soft)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.11 17:32:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 01:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 01:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 21:34:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 01:20:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 01:20:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 21:34:47 | 000,000,000 | ---D | M]

[2012.09.16 10:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013.01.20 23:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions
[2013.01.11 08:42:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.17 12:09:09 | 000,000,000 | ---D | M] (Zoomex) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\50cf00df7b572@50cf00df7b5ab.com
[2013.01.09 10:21:49 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\firefox@ghostery.com
[2012.09.16 10:55:51 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\firejump@firejump.net
[2013.01.08 09:02:20 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\https-everywhere@eff.org
[2012.10.02 20:23:04 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\support@predictad.com
[2013.01.19 13:13:25 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\client@anonymox.net.xpi
[2012.12.30 12:04:41 | 001,014,455 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\IDGARD@jetpack.xpi
[2013.01.16 10:46:16 | 000,389,447 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012.12.11 08:53:36 | 000,160,219 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\socialfixer@mattkruse.com.xpi
[2013.01.19 13:13:27 | 000,533,221 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.04 09:17:56 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013.01.11 08:42:30 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.26 17:32:10 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.01.16 10:46:20 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.04.26 17:31:50 | 000,021,692 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{fbfbcf27-b313-47a9-987d-4e1e320afa25}.xpi
[2012.04.27 15:53:16 | 000,010,345 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\searchplugins\duckduckgo.xml
[2013.01.20 01:12:52 | 000,005,492 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\searchplugins\startpage-https---deutsch.xml
[2013.01.20 01:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.11 17:32:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2013.01.20 01:20:22 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.10.02 20:23:04 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
[2012.10.12 08:04:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 08:04:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 08:04:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 08:04:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 08:04:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 08:04:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4201702909-4008549763-78736917-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4201702909-4008549763-78736917-1001..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe ( )
O4 - HKU\S-1-5-21-4201702909-4008549763-78736917-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4201702909-4008549763-78736917-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\Martin\AppData\Roaming\Wuala\Wuala.exe (LaCie)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D648904F-7844-46DB-9E63-BE91958D2678}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\spyhunter4.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wuala.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\spyhunter4.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\wuala.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.13 10:58:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90305345-000b-11e2-a4e7-c48508129624}\Shell - "" = AutoRun
O33 - MountPoints2\{90305345-000b-11e2-a4e7-c48508129624}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

to be continued...

**disneykiller** · 2013-01-21, 13:05

and part two:

========== Files/Folders - Created Within 30 Days ==========

[2013.01.21 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Evernote
[2013.01.21 09:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2013.01.21 09:06:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2013.01.21 09:06:31 | 000,015,776 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wacomrouterfilter.sys
[2013.01.21 09:06:29 | 000,081,312 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wachidrouter.sys
[2013.01.21 09:06:29 | 000,013,728 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\hidkmdf.sys
[2013.01.20 01:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.19 09:52:44 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.01.19 09:52:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Wacom
[2013.01.19 09:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2013.01.19 09:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2013.01.19 09:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.19 09:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2013.01.19 09:49:38 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WTablet
[2013.01.19 09:49:37 | 001,974,656 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Pen_Touch_Tablet.dll
[2013.01.19 09:49:37 | 001,621,888 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Pen_Touch_Tablet.dll
[2013.01.19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2013.01.19 09:49:25 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wacommousefilter.sys
[2013.01.19 09:49:14 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wacomvhid.sys
[2013.01.19 09:49:12 | 001,981,824 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Pen_Tablet.dll
[2013.01.19 09:49:12 | 001,844,096 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Wintab32.dll
[2013.01.19 09:49:12 | 001,841,024 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\WacomMT.dll
[2013.01.19 09:49:12 | 001,629,056 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Pen_Tablet.dll
[2013.01.19 09:49:12 | 001,510,272 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Wintab32.dll
[2013.01.19 09:49:12 | 001,506,176 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\WacomMT.dll
[2013.01.19 09:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2013.01.16 08:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.15 10:37:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2013.01.15 10:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2013.01.13 13:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013.01.13 13:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013.01.13 10:58:29 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.13 10:58:28 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.13 10:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.13 10:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.01.12 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2013.01.12 10:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.01.12 10:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013.01.12 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Content Management Utility
[2013.01.11 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Sony Corporation
[2013.01.11 18:29:22 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2013.01.11 18:29:22 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2013.01.11 18:29:22 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2013.01.11 18:29:22 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2013.01.11 18:29:22 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2013.01.11 18:29:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2013.01.11 18:29:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2013.01.11 18:29:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2013.01.11 18:29:21 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2013.01.11 18:29:21 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2013.01.11 18:29:21 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2013.01.11 18:29:20 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2013.01.11 18:29:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2013.01.11 18:29:20 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2013.01.11 18:29:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2013.01.11 18:29:20 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2013.01.11 18:29:20 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2013.01.11 18:29:20 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2013.01.11 18:29:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2013.01.11 18:29:20 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2013.01.11 18:29:20 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2013.01.11 18:29:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2013.01.11 18:29:19 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2013.01.11 18:29:17 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2013.01.11 18:29:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2013.01.11 18:29:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2013.01.11 18:29:17 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2013.01.11 18:29:17 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2013.01.11 18:29:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2013.01.11 18:29:17 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2013.01.11 18:29:17 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2013.01.11 18:29:16 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2013.01.11 18:29:16 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2013.01.11 18:29:16 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2013.01.11 18:29:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2013.01.11 18:29:14 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2013.01.11 18:29:14 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2013.01.11 18:29:14 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2013.01.11 18:29:14 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2013.01.11 18:29:14 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2013.01.11 18:29:14 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2013.01.11 18:29:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2013.01.11 18:29:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2013.01.11 18:29:13 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2013.01.11 18:29:13 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2013.01.11 18:29:12 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2013.01.11 18:29:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2013.01.11 18:29:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2013.01.11 18:29:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2013.01.11 18:29:10 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2013.01.11 18:29:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2013.01.11 18:29:09 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2013.01.11 18:29:09 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2013.01.11 18:29:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2013.01.11 18:29:08 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2013.01.11 18:29:08 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2013.01.11 18:29:08 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2013.01.11 18:29:07 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2013.01.11 18:29:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2013.01.11 18:29:07 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2013.01.11 18:29:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2013.01.11 18:29:04 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2013.01.11 18:29:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2013.01.11 18:29:04 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2013.01.11 18:29:04 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2013.01.11 18:29:04 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2013.01.11 18:29:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2013.01.11 18:29:04 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2013.01.11 18:29:04 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2013.01.11 18:29:03 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2013.01.11 18:29:03 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2013.01.11 18:29:02 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2013.01.11 18:29:02 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2013.01.11 18:29:02 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2013.01.11 18:29:02 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2013.01.11 18:29:02 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2013.01.11 18:29:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2013.01.11 18:29:02 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2013.01.11 18:29:02 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2013.01.11 18:29:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2013.01.11 18:29:02 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2013.01.11 18:29:02 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2013.01.11 18:29:02 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2013.01.11 18:29:01 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2013.01.11 18:29:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2013.01.11 18:29:01 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2013.01.11 18:29:01 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2013.01.11 18:29:01 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2013.01.11 18:29:01 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2013.01.11 18:29:00 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2013.01.11 18:29:00 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2013.01.11 18:29:00 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2013.01.11 18:29:00 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2013.01.11 18:29:00 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2013.01.11 18:29:00 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2013.01.11 18:29:00 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2013.01.11 18:29:00 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2013.01.11 18:29:00 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2013.01.11 18:29:00 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2013.01.11 18:28:59 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2013.01.11 18:28:59 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2013.01.11 18:28:58 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2013.01.11 18:28:58 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2013.01.11 18:28:58 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2013.01.11 18:28:58 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2013.01.11 18:28:57 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll
[2013.01.11 18:28:57 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll
[2013.01.11 18:28:56 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2013.01.11 18:28:56 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2013.01.11 18:28:56 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2013.01.11 18:28:56 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2013.01.11 18:28:56 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2013.01.11 18:28:55 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2013.01.11 18:28:55 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2013.01.11 18:28:55 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2013.01.11 18:28:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2013.01.11 18:28:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2013.01.11 18:28:55 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2013.01.11 18:28:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2013.01.11 18:28:55 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2013.01.11 18:28:54 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2013.01.11 18:28:54 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2013.01.11 18:28:51 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2013.01.11 18:28:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2013.01.11 18:28:50 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2013.01.11 18:28:50 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2013.01.11 18:28:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2013.01.11 18:28:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2013.01.11 18:28:50 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2013.01.11 18:28:50 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2013.01.11 18:28:50 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2013.01.11 18:28:50 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2013.01.11 18:28:49 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2013.01.11 18:28:49 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2013.01.11 18:28:49 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2013.01.11 18:28:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2013.01.11 18:28:49 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2013.01.11 18:28:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2013.01.11 18:28:48 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2013.01.11 18:28:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2013.01.11 17:31:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DivX
[2013.01.11 17:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.01.11 17:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.01.11 17:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.01.11 17:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.01.11 17:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.01.11 17:26:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2013.01.11 17:26:23 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013.01.11 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013.01.11 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.01.11 17:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.01.11 17:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.01.11 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Winamp
[2013.01.11 17:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.01.10 18:59:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Flavio Tordini
[2013.01.10 18:58:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Musique
[2013.01.10 18:58:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Musique
[2013.01.10 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX_MusicEditor
[2013.01.10 13:52:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Xara
[2013.01.10 13:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2013.01.10 10:40:17 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2013.01.10 10:40:13 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2013.01.10 10:40:12 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2013.01.10 10:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.01.10 10:39:41 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2013.01.10 10:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.01.10 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.10 10:38:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.10 10:38:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.09 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX Downloads
[2013.01.09 23:06:30 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX
[2013.01.09 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\simplitec
[2013.01.09 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX
[2013.01.09 12:13:51 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2013.01.09 12:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.01.09 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2013.01.09 12:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec
[2013.01.09 12:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.01.09 12:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.01.09 12:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.09 09:03:29 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013.01.09 09:03:28 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013.01.09 09:03:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013.01.09 09:03:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013.01.09 09:03:15 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013.01.09 09:03:15 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013.01.09 09:03:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013.01.09 09:03:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013.01.09 09:03:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013.01.09 09:03:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013.01.09 09:03:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013.01.09 09:03:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013.01.09 09:03:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013.01.09 09:03:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013.01.09 09:03:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013.01.09 09:03:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013.01.09 09:03:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013.01.09 09:03:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013.01.09 09:03:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013.01.09 09:03:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013.01.09 09:03:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013.01.09 09:03:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013.01.09 09:03:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013.01.09 09:03:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013.01.09 09:03:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013.01.09 09:03:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013.01.09 09:03:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013.01.09 09:03:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013.01.09 09:03:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013.01.09 09:03:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013.01.09 09:03:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013.01.09 09:02:56 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013.01.09 09:02:56 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013.01.09 09:02:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013.01.09 09:02:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013.01.09 09:02:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013.01.09 09:02:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.01.09 09:02:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.01.09 09:02:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013.01.09 09:02:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.01.09 09:02:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013.01.09 09:02:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.01.09 09:02:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 09:02:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 09:02:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.01.09 09:02:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013.01.08 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.08 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{35879EB4-B502-4EA8-A806-C52FBC551FE8}
[2013.01.04 00:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2013.01.04 00:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber
[2013.01.02 13:15:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Windows Live
[2013.01.02 13:14:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{9A8FCBE6-6F7C-4010-A61D-9C5C05AF89D3}
[2013.01.01 17:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012.12.30 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\shexview-x64
[2012.12.30 12:15:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\dwhelper
[2012.12.29 21:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
[2012.12.29 21:35:43 | 000,038,672 | ---- | C] (PCTV Systems S.à r.l.) -- C:\windows\SysWow64\pcleUtil.dll
[2012.12.29 21:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinTV
[2012.12.29 21:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Hauppauge
[2012.12.29 21:18:19 | 000,831,554 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwtvwnd.dll
[2012.12.29 21:18:19 | 000,323,640 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwpnp32.dll
[2012.12.29 21:18:19 | 000,118,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysWow64\hcwi2c32.dll
[2012.12.29 21:18:19 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwutl32.dll
[2012.12.29 21:00:34 | 000,658,944 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw95bda.sys
[2012.12.29 21:00:34 | 000,019,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\hcw95rc.sys
[2012.12.29 21:00:34 | 000,019,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw95rc.sys
[2012.12.29 21:00:31 | 000,000,000 | ---D | C] -- C:\Hauppauge
[2012.12.29 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\.mediathek3
[2012.12.29 18:13:46 | 002,179,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71d.dll
[2012.12.29 18:13:46 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp71d.dll
[2012.12.29 18:13:46 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr71d.dll
[2012.12.29 18:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IviSDK
[2012.12.29 18:13:00 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.007
[2012.12.29 18:13:00 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSComCt2.ocx
[2012.12.29 18:13:00 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.003
[2012.12.29 18:13:00 | 000,204,800 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\Mdcustoms.ocx
[2012.12.29 18:13:00 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.004
[2012.12.29 18:13:00 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.005
[2012.12.29 18:13:00 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Msinet.ocx
[2012.12.29 18:13:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2012.12.29 18:13:00 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCAL.OCX
[2012.12.29 18:13:00 | 000,069,632 | ---- | C] (Hauppauge Computer Works ) -- C:\windows\SysWow64\3DES.dll
[2012.12.29 18:13:00 | 000,053,248 | ---- | C] (Hauppauge) -- C:\windows\SysWow64\MDCustomPanels.ocx
[2012.12.29 18:13:00 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.008
[2012.12.29 18:13:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.006
[2012.12.29 18:12:22 | 000,000,000 | ---D | C] -- C:\MyVideos
[2012.12.29 18:11:54 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.002
[2012.12.29 18:11:54 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.001
[2012.12.29 18:11:54 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.000
[2012.12.27 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\.VirtualBox
[2012.12.27 21:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.12.27 21:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.12.27 15:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.27 15:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.27 15:49:12 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012.12.27 15:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.12.25 09:27:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\redsn0w
[2012.12.22 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\dvdcss
[2012.09.18 20:05:47 | 000,409,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\rescue2usb.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.21 12:19:20 | 000,015,473 | ---- | M] () -- C:\Users\Martin\Desktop\WSfS-Arbeit.ods
[2013.01.21 12:06:02 | 000,000,029 | ---- | M] () -- C:\windows\SysWow64\TempWmicBatchFile.bat
[2013.01.21 11:41:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 11:27:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.21 10:33:27 | 000,198,876 | ---- | M] () -- C:\Users\Martin\Desktop\f---1083.pdf
[2013.01.21 10:33:16 | 000,067,963 | ---- | M] () -- C:\Users\Martin\Desktop\TI-3031_LP.pdf
[2013.01.21 09:20:58 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013.01.21 09:20:09 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 09:20:09 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 09:11:17 | 000,000,280 | ---- | M] () -- C:\windows\tasks\AbelssoftPreloader.job
[2013.01.21 09:11:13 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.01.21 09:10:45 | 4065,890,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.20 23:36:39 | 000,001,054 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.20 23:23:24 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.01.20 00:17:46 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto Manager MX Deluxe.lnk
[2013.01.20 00:06:55 | 001,507,170 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.20 00:06:55 | 000,657,676 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.20 00:06:55 | 000,618,912 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.20 00:06:55 | 000,131,016 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.20 00:06:55 | 000,107,232 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.19 23:07:59 | 000,045,083 | ---- | M] () -- C:\Users\Martin\Desktop\CA-Planung.ods
[2013.01.19 09:52:30 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013.01.19 09:35:53 | 000,677,816 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.18 14:39:36 | 000,053,381 | ---- | M] () -- C:\Users\Martin\Desktop\whoa.zip
[2013.01.16 08:36:32 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.15 17:22:30 | 000,021,573 | ---- | M] () -- C:\Users\Martin\Desktop\organigramm 11 2012.pdf
[2013.01.14 12:00:16 | 000,022,660 | ---- | M] () -- C:\Users\Martin\Desktop\Maja Muster.pdf
[2013.01.13 23:06:05 | 000,133,938 | ---- | M] () -- C:\Users\Martin\Desktop\wsfs-alt.jpg
[2013.01.13 22:43:41 | 000,143,547 | ---- | M] () -- C:\Users\Martin\Desktop\256026_473359232685334_1795865310_o.jpg
[2013.01.13 15:46:24 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.01.13 15:12:30 | 000,046,890 | ---- | M] () -- C:\Users\Martin\Desktop\magix.jpg
[2013.01.13 13:54:32 | 000,002,926 | ---- | M] () -- C:\Users\Martin\Desktop\attach.zip
[2013.01.13 13:42:53 | 000,350,559 | ---- | M] () -- C:\Users\Martin\Desktop\avast_antirootkit.jpg
[2013.01.13 13:16:18 | 000,000,865 | ---- | M] () -- C:\Users\Martin\Desktop\ERUNT.lnk
[2013.01.13 10:58:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.01.13 10:58:29 | 000,002,256 | ---- | M] () -- C:\Users\Martin\Desktop\SpyHunter.lnk
[2013.01.12 10:44:35 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\Content Management Utility.lnk
[2013.01.11 18:07:11 | 008,057,590 | ---- | M] () -- C:\Users\Martin\Desktop\Sony NEX-FS700EK.pdf
[2013.01.11 17:32:41 | 000,001,614 | ---- | M] () -- C:\Users\Martin\Desktop\DivX Movies.lnk
[2013.01.11 17:32:08 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.01.11 17:31:35 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.01.10 13:52:06 | 000,120,200 | ---- | M] () -- C:\windows\SysWow64\DLLDEV32i.dll
[2013.01.10 13:51:38 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Plus.lnk
[2013.01.10 10:40:08 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.10 09:41:48 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.01.10 09:41:48 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.09 12:13:46 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Slideshow Maker 2.lnk
[2013.01.04 00:37:09 | 000,000,486 | ---- | M] () -- C:\windows\cdplayer.ini
[2013.01.04 00:30:11 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2013.01.01 17:43:57 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.12.30 02:32:00 | 000,000,927 | ---- | M] () -- C:\Users\Martin\Desktop\MediathekView.exe - Verknüpfung.lnk
[2012.12.30 00:07:16 | 324,011,604 | ---- | M] () -- C:\Users\Martin\Rockpalast-Skunk_Anansie__Rocknacht_Special_2009_-rocknacht_special09_skunk_anansie.flv
[2012.12.29 23:55:51 | 680,228,746 | ---- | M] () -- C:\Users\Martin\Rockpalast-Me_First_&_The_Gimme_Gimmes__Area4_2012_-area4_12_me_first_n_the_gimme_gimmes_web_l.mp4.flv
[2012.12.29 23:48:37 | 740,226,961 | ---- | M] () -- C:\Users\Martin\Rockpalast-Red_Hot_Chili_Peppers__Rock_im_Pott_2012_-120924_rockpalast_chilli_peppers_web_l.mp4.flv
[2012.12.29 23:02:59 | 582,069,925 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda_-_ein_musikalischer_Heimatfilm__2012_-labrassbanda_ein_musikalischer_heimatfilm_web_l.mp4.flv
[2012.12.29 22:49:15 | 1375,369,246 | ---- | M] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Die_Ballade_von_Cenk_und_...-format354323.mp4.flv
[2012.12.29 21:41:57 | 130,667,052 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Reeperbahn_Festival_2010_-reeperbahn_festival10_labrassbanda.mp4.flv
[2012.12.29 21:37:04 | 000,001,082 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
[2012.12.29 21:37:04 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\WinTV 7.lnk
[2012.12.29 21:36:57 | 000,000,209 | ---- | M] () -- C:\windows\ODBCINST.INI
[2012.12.29 21:36:57 | 000,000,135 | ---- | M] () -- C:\windows\ODBC.INI
[2012.12.29 21:36:25 | 000,037,639 | ---- | M] () -- C:\windows\Irremote.ini
[2012.12.29 21:36:25 | 000,000,960 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
[2012.12.29 21:35:06 | 000,007,188 | ---- | M] () -- C:\windows\HCWPNP.INI
[2012.12.29 21:21:28 | 933,834,752 | ---- | M] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Kinderland__FSK___ab_20_Uhr_-format354248.mp4.flv
[2012.12.29 21:21:06 | 021,880,832 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Haldern_Pop_2011_-haldern11_labrassbanda.mp4.flv
[2012.12.27 21:40:02 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.12.27 16:08:10 | 000,000,285 | ---- | M] () -- C:\windows\wininit.ini
[2012.12.27 15:49:16 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.24 13:09:16 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012.12.22 13:52:41 | 000,001,403 | ---- | M] () -- C:\Users\Martin\Desktop\Windows installieren.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.21 10:33:27 | 000,198,876 | ---- | C] () -- C:\Users\Martin\Desktop\f---1083.pdf
[2013.01.21 10:33:15 | 000,067,963 | ---- | C] () -- C:\Users\Martin\Desktop\TI-3031_LP.pdf
[2013.01.21 09:20:58 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013.01.19 09:52:30 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013.01.18 14:39:36 | 000,053,381 | ---- | C] () -- C:\Users\Martin\Desktop\whoa.zip
[2013.01.17 14:38:06 | 000,045,083 | ---- | C] () -- C:\Users\Martin\Desktop\CA-Planung.ods
[2013.01.16 08:36:32 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.15 17:22:30 | 000,021,573 | ---- | C] () -- C:\Users\Martin\Desktop\organigramm 11 2012.pdf
[2013.01.15 09:20:26 | 000,015,473 | ---- | C] () -- C:\Users\Martin\Desktop\WSfS-Arbeit.ods
[2013.01.14 12:00:17 | 000,022,660 | ---- | C] () -- C:\Users\Martin\Desktop\Maja Muster.pdf
[2013.01.13 22:58:14 | 000,133,938 | ---- | C] () -- C:\Users\Martin\Desktop\wsfs-alt.jpg
[2013.01.13 22:43:36 | 000,143,547 | ---- | C] () -- C:\Users\Martin\Desktop\256026_473359232685334_1795865310_o.jpg
[2013.01.13 15:12:25 | 000,046,890 | ---- | C] () -- C:\Users\Martin\Desktop\magix.jpg
[2013.01.13 13:54:32 | 000,002,926 | ---- | C] () -- C:\Users\Martin\Desktop\attach.zip
[2013.01.13 13:42:51 | 000,350,559 | ---- | C] () -- C:\Users\Martin\Desktop\avast_antirootkit.jpg
[2013.01.13 13:16:18 | 000,000,865 | ---- | C] () -- C:\Users\Martin\Desktop\ERUNT.lnk
[2013.01.13 10:58:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.01.13 10:58:32 | 000,022,704 | ---- | C] () -- C:\windows\SysNative\drivers\EsgScanner.sys
[2013.01.13 10:58:29 | 000,002,256 | ---- | C] () -- C:\Users\Martin\Desktop\SpyHunter.lnk
[2013.01.12 10:44:35 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\Content Management Utility.lnk
[2013.01.11 18:07:11 | 008,057,590 | ---- | C] () -- C:\Users\Martin\Desktop\Sony NEX-FS700EK.pdf
[2013.01.11 17:32:41 | 000,001,614 | ---- | C] () -- C:\Users\Martin\Desktop\DivX Movies.lnk
[2013.01.11 17:32:08 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.01.11 17:31:35 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.01.11 17:26:29 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.01.10 13:51:38 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Plus.lnk
[2013.01.10 10:40:08 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.10 10:40:07 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.09 12:15:23 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto Manager MX Deluxe.lnk
[2013.01.09 12:13:46 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Slideshow Maker 2.lnk
[2013.01.04 00:30:11 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2012.12.30 02:32:00 | 000,000,927 | ---- | C] () -- C:\Users\Martin\Desktop\MediathekView.exe - Verknüpfung.lnk
[2012.12.29 23:48:41 | 324,011,604 | ---- | C] () -- C:\Users\Martin\Rockpalast-Skunk_Anansie__Rocknacht_Special_2009_-rocknacht_special09_skunk_anansie.flv
[2012.12.29 23:03:03 | 680,228,746 | ---- | C] () -- C:\Users\Martin\Rockpalast-Me_First_&_The_Gimme_Gimmes__Area4_2012_-area4_12_me_first_n_the_gimme_gimmes_web_l.mp4.flv
[2012.12.29 22:49:19 | 740,226,961 | ---- | C] () -- C:\Users\Martin\Rockpalast-Red_Hot_Chili_Peppers__Rock_im_Pott_2012_-120924_rockpalast_chilli_peppers_web_l.mp4.flv
[2012.12.29 21:42:01 | 582,069,925 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda_-_ein_musikalischer_Heimatfilm__2012_-labrassbanda_ein_musikalischer_heimatfilm_web_l.mp4.flv
[2012.12.29 21:37:04 | 000,001,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
[2012.12.29 21:37:04 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\WinTV 7.lnk
[2012.12.29 21:36:25 | 000,000,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
[2012.12.29 21:35:40 | 000,142,337 | ---- | C] () -- C:\windows\SysWow64\Wait.exe
[2012.12.29 21:34:58 | 000,007,188 | ---- | C] () -- C:\windows\HCWPNP.INI
[2012.12.29 21:30:28 | 130,667,052 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Reeperbahn_Festival_2010_-reeperbahn_festival10_labrassbanda.mp4.flv
[2012.12.29 21:30:18 | 1375,369,246 | ---- | C] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Die_Ballade_von_Cenk_und_...-format354323.mp4.flv
[2012.12.29 21:18:59 | 021,880,832 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Haldern_Pop_2011_-haldern11_labrassbanda.mp4.flv
[2012.12.29 20:40:59 | 933,834,752 | ---- | C] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Kinderland__FSK___ab_20_Uhr_-format354248.mp4.flv
[2012.12.29 18:13:46 | 000,149,504 | ---- | C] () -- C:\windows\SysWow64\UNWISE.EXE
[2012.12.29 18:13:11 | 000,037,639 | ---- | C] () -- C:\windows\Irremote.ini
[2012.12.29 18:13:00 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\dmcrypto.dll
[2012.12.29 18:12:22 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012.12.29 18:12:22 | 000,000,135 | ---- | C] () -- C:\windows\ODBC.INI
[2012.12.27 21:40:02 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.12.27 16:08:10 | 000,000,285 | ---- | C] () -- C:\windows\wininit.ini
[2012.12.27 15:49:16 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.27 15:49:16 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.22 13:52:41 | 000,001,403 | ---- | C] () -- C:\Users\Martin\Desktop\Windows installieren.lnk
[2012.11.26 00:30:01 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
[2012.11.26 00:27:28 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
[2012.11.08 08:25:03 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.10.13 14:34:22 | 000,340,480 | ---- | C] () -- C:\windows\SysWow64\K8062e.exe
[2012.10.13 14:34:22 | 000,322,048 | ---- | C] () -- C:\windows\SysWow64\Easylase.dll
[2012.10.13 14:34:22 | 000,301,056 | ---- | C] () -- C:\windows\SysWow64\usbdmxfs.dll
[2012.10.13 14:34:22 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\usb_dll.dll
[2012.10.13 14:34:22 | 000,084,992 | ---- | C] () -- C:\windows\SysWow64\DMX510Vb.dll
[2012.10.13 14:34:22 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\EspionDll.dll
[2012.10.13 14:34:22 | 000,042,496 | ---- | C] () -- C:\windows\SysWow64\K8062D.dll
[2012.10.13 14:34:22 | 000,037,888 | ---- | C] () -- C:\windows\SysWow64\LPT_dmx.dll
[2012.10.13 14:34:22 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\MPUSBAPI.DLL
[2012.10.13 14:34:22 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\usbdmxsi.dll
[2012.10.13 14:34:22 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FASTTime32.dll
[2012.10.13 14:34:22 | 000,003,584 | ---- | C] () -- C:\windows\SysWow64\drivers\dlportio.sys
[2012.10.13 14:34:21 | 000,077,824 | ---- | C] () -- C:\windows\SysWow64\dashardvb.dll
[2012.10.13 14:34:21 | 000,044,544 | ---- | C] () -- C:\windows\SysWow64\dmx60.dll
[2012.10.13 14:34:21 | 000,044,544 | ---- | C] () -- C:\windows\SysWow64\dmx120.dll
[2012.10.13 14:34:21 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\USB.dll
[2012.10.13 14:34:21 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\inpout32.dll
[2012.09.26 12:36:22 | 000,017,408 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2012.09.22 23:14:19 | 000,000,486 | ---- | C] () -- C:\windows\cdplayer.ini
[2012.09.18 20:05:48 | 000,028,160 | ---- | C] () -- C:\Program Files\syslinux.exe
[2012.09.18 20:05:48 | 000,000,237 | ---- | C] () -- C:\Program Files\syslinux.cfg
[2012.09.18 20:05:47 | 000,237,849 | ---- | C] () -- C:\Program Files\grub.exe
[2012.09.17 10:30:01 | 001,044,480 | ---- | C] ( ) -- C:\windows\SysWow64\lmabserv.dll
[2012.09.17 10:30:01 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcomc.dll
[2012.09.17 10:30:01 | 000,593,920 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcoms.exe
[2012.09.17 10:30:01 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcomm.dll
[2012.09.17 10:30:01 | 000,356,352 | ---- | C] ( ) -- C:\windows\SysWow64\lmabhcp.dll
[2012.09.16 17:11:50 | 000,000,396 | ---- | C] () -- C:\windows\hbcikrnl.ini
[2012.09.16 17:11:46 | 000,167,936 | ---- | C] () -- C:\windows\SysWow64\SerialXP.dll
[2012.09.16 17:11:46 | 000,027,648 | ---- | C] () -- C:\windows\SysWow64\win32com.dll
[2012.09.16 08:23:56 | 002,469,760 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2012.09.16 08:23:56 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2012.09.16 08:23:56 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2012.09.16 08:23:56 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2012.09.16 08:23:56 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2012.05.10 21:17:42 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012.05.10 19:48:20 | 000,003,226 | ---- | C] () -- C:\windows\HotFixList.ini
[2012.02.06 05:42:56 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012.02.06 05:42:55 | 000,557,476 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012.02.06 05:42:53 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.02.06 05:42:52 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012.02.02 14:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2011.05.20 10:16:50 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.05.20 10:16:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.05.20 10:16:50 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.05.20 10:16:50 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

**disneykiller** · 2013-01-21, 13:06

and this is the rest: (the last reply was 203 Charakters too long...)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.15 19:21:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Abelssoft
[2012.11.24 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Amazon
[2013.01.04 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Audacity
[2012.09.16 17:14:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Buhl Data Service
[2012.09.24 12:51:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Buhl Data Service GmbH
[2012.09.16 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DataDesign
[2013.01.21 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2012.11.12 00:02:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.12.16 16:11:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\fotobuch.de AG
[2012.09.16 17:42:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IrfanView
[2012.10.09 08:49:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Juan M. Aguirregabiria
[2012.09.16 16:39:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LibreOffice
[2013.01.10 13:54:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2012.11.07 11:42:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Mushroom Limited
[2012.12.09 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MOBILedit
[2013.01.04 02:44:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mp3tag
[2012.12.19 14:00:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PDF Writer
[2012.12.25 09:27:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\redsn0w
[2012.11.15 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Samsung
[2013.01.09 16:15:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\simplitec
[2013.01.12 12:02:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spotify
[2013.01.12 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2012.09.16 10:58:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird
[2013.01.11 10:15:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2013.01.19 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wacom
[2013.01.19 09:52:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.12.08 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wuala
[2012.11.12 09:58:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\XMedia Recode

========== Purity Check ==========

< End of report >

(now I feel pretty naked

)

**disneykiller** · 2013-01-21, 17:48

as you can see it's still there.
the uninstall tells me to uninstall the add-on. But there is no such add-on...

**oldman960** · 2013-01-22, 07:58

Hi disneykiller,

Next, double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

Code:

:Services

:OTL
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.

Please post the OTL fix log.

Reboot the computer. Any better?

**disneykiller** · 2013-01-22, 17:03

That looks pretty good!

No strange browse-to-save-hyperlinks where they used to appear (facebook, news-pages etc). Well, at least up to now.
Anything else I have to do?

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4201702909-4008549763-78736917-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "Privitize VPN" removed from browser.search.defaultengine
Prefs.js: "Privitize VPN" removed from browser.search.defaultenginename
Prefs.js: "Privitize VPN" removed from browser.search.order.1
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Martin
->Temp folder emptied: 25243902 bytes
->Temporary Internet Files folder emptied: 123481808 bytes
->Java cache emptied: 175236 bytes
->FireFox cache emptied: 459750403 bytes
->Flash cache emptied: 57620 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 190389 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84222 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 155708725 bytes

Total Files Cleaned = 729,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01222013_164308

Files\Folders moved on Reboot...
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\windows\temp\JET6057.tmp moved successfully.
C:\windows\temp\JETAD4E.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

**disneykiller** · 2013-01-22, 19:16

:(

**oldman960** · 2013-01-23, 05:10

Hi disneykiller,

Stubborn little cuss isn't it?

We may have to do this the hard way to find which extension is the problem.

Open fireFox

click FireFox in the top left corner
in the menu highlite Help
click restart with add-on disabled

FireFox will close and reopen. Do some usuall surfing and see if the add still appear.

**oldman960** · 2013-02-22, 22:31

Hi disneykiller,

Sorry abut not getting back to you sooner. It can become quite imbedded and as mentioned may actually be part of an other extension.

We'll clean up the tools now.

From your desktop, please delete, if present

any notepads/logs that we created
aswMBR.exe
mbr.zip
mbr.dat
DDS.scr
SystemLook.exe

Open AdwCleaner and click uninstall.

Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

Next

Create new a Restore Point

Click your Start button
In the Search box type [B]create restore[/B
click on Create a restore point
Click the System Protection tab
click Create
Give your restore point a name and click Create
Wait while Windows creates a system restore point for you

Remove old Restore Points

Click the Start button
In the search box, type Disk Cleanup
in the list of results, click Disk Cleanup
If prompted, select the drive that you want to clean up, and then click OK.
In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
If prompted, select the drive that you want to clean up, and then click OK.
Click the More Options tab
under System Restore and Shadow Copies, click Clean up.
In the Disk Cleanup dialog box, click Delete.
Click Delete Files, and then click OK.

Updates and upgrades

Your java is out of date. Click your start button > Control Panel

Use the drop down menu beside view by and change it to small icons
locate java (32bit) in the list and click on it
when the java console opens click the update tab
Click update now
Decline any additional installs that may be offered during the update.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now.

You can use Spybot to install a Custom Hosts file.
1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
2-Right-click an item in the list of immunizations and click "Deselect All."
3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
4-Click "Immunize" on the Spybot toolbar.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE

Please post back if you have any problems.

Take care

Thread: Browse to save

Thread Tools

Display

Hybrid View

new otl-file

it's not gone

Tags for this Thread

Posting Permissions