PDA

View Full Version : Browse to save



disneykiller
2013-01-13, 15:20
Hello! I try to ged rid of "browse to save". I cannot find an Add-on in my firefox-browser. Kaspersky is no help and spybot doesnt find anything.
Here's the dds:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Martin at 13:18:52 on 2013-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7974.4300 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\SysWOW64\cjpcsc.exe
C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\LMabcoms.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\windows\System32\WUDFHost.exe
C:\windows\System32\rundll32.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Martin\AppData\Roaming\Wuala\Wuala.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtbws.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://search.autocompletepro.com/?si=10214&bi=400
uSearch Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
uDefault_Page_URL = hxxp://samsung.msn.com
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
mStart Page = hxxp://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Spotify Web Helper] "C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\Users\Martin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Martin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wuala.lnk - C:\Users\Martin\AppData\Roaming\Wuala\Wuala.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Program Files (x86)\WinTV\Ir.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINTVR~1.LNK - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:24
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
TCP: NameServer = 192.168.179.1
TCP: Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A} : DHCPNameServer = 192.168.179.1
TCP: Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}\0516474797 : DHCPNameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}\142736F627D2240313440333 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}\2616D626F6F6 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}\3416665602B4C61647373686 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}\44F425D45425F4 : DHCPNameServer = 172.30.3.254
TCP: Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}\75C414E453 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D648904F-7844-46DB-9E63-BE91958D2678} : NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\c49yuloy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - prefs.js: keyword.URL - hxxp://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Jazz-Soft\Jazz-Plugin\npJazz.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-17 12:24; 50cf00df7b572@50cf00df7b5ab.com; C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\c49yuloy.default\extensions\50cf00df7b572@50cf00df7b5ab.com
FF - ExtSQL: 2012-12-30 12:04; IDGARD@jetpack; C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\c49yuloy.default\extensions\IDGARD@jetpack.xpi
FF - ExtSQL: 2013-01-10 12:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\c49yuloy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-11 17:32; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-5-10 80688]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-1 16152]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-5-10 28992]
R1 cbfs3;cbfs3;C:\windows\System32\drivers\cbfs3.sys [2012-12-8 352144]
R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-5-10 23344]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54104]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178008]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-10 13824]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\windows\System32\drivers\uim_vimx64.sys [2011-11-17 352816]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r [?]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R2 cjpcsc;cyberJack PC/SC COM Service ;C:\Windows\SysWOW64\cjpcsc.exe [2012-9-16 514128]
R2 CronService;Cron Service for Prey;C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-9-23 79664]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-1-23 1858048]
R2 HauppaugeTVServer;HauppaugeTVServer;C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [2012-12-29 577536]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-5-10 31624]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-27 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-27 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-27 168384]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-17 3467768]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
R3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-12-13 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-5-10 280912]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-6 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-1 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-1 786200]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-10 648808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2011-12-20 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 cjusb;REINER SCT cyberJack USB Driver;C:\windows\System32\drivers\cjusb.sys [2012-9-16 34672]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-11-10 102368]
S3 epmntdrv;epmntdrv;C:\windows\System32\epmntdrv.sys [2012-9-16 16776]
S3 EsgScanner;EsgScanner;C:\windows\System32\drivers\EsgScanner.sys [2013-1-13 22704]
S3 EuGdiDrv;EuGdiDrv;C:\windows\System32\EuGdiDrv.sys [2012-9-16 9096]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\windows\System32\drivers\hcw95bda.sys [2012-12-29 658944]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\windows\System32\drivers\hcw95rc.sys [2012-12-29 19840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-11-10 203104]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
S4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
S4 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-10 128280]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-10 161560]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-10 363800]
S4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
.
=============== Created Last 30 ================
.
2013-01-13 09:58:32 22704 ----a-w- C:\windows\System32\drivers\EsgScanner.sys
2013-01-13 09:58:29 110080 ----a-r- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2013-01-13 09:58:29 110080 ----a-r- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2013-01-13 09:58:29 110080 ----a-r- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2013-01-13 09:58:28 -------- d-----w- C:\sh4ldr
2013-01-13 09:58:28 -------- d-----w- C:\Program Files\Enigma Software Group
2013-01-13 09:57:37 -------- d-----w- C:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-13 09:57:33 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-01-12 15:29:28 -------- d-----w- C:\Users\Martin\AppData\Roaming\TeamViewer
2013-01-12 09:44:08 -------- d-----w- C:\Program Files (x86)\Sony
2013-01-11 17:28:59 393576 ----a-w- C:\windows\System32\xactengine2_6.dll
2013-01-11 16:31:16 -------- d-----w- C:\Program Files\DivX
2013-01-11 16:31:07 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2013-01-11 16:27:20 -------- d-----w- C:\Program Files (x86)\DivX
2013-01-11 16:26:24 1892184 ----a-w- C:\windows\SysWow64\D3DX9_42.dll
2013-01-11 16:26:23 2414360 ----a-w- C:\windows\SysWow64\d3dx9_31.dll
2013-01-11 16:25:07 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2013-01-11 16:24:10 -------- d-----w- C:\ProgramData\DivX
2013-01-11 16:24:00 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-01-11 16:23:52 -------- d-----w- C:\Users\Martin\AppData\Roaming\OpenCandy
2013-01-10 17:59:20 -------- d-----w- C:\Users\Martin\AppData\Local\Flavio Tordini
2013-01-10 17:58:33 -------- d-----w- C:\Users\Martin\AppData\Local\Musique
2013-01-10 12:52:10 -------- d-----w- C:\Users\Martin\AppData\Local\Xara
2013-01-10 12:42:12 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Shared
2013-01-10 09:40:17 34656 ----a-w- C:\windows\System32\TURegOpt.exe
2013-01-10 09:40:13 25952 ----a-w- C:\windows\System32\authuitu.dll
2013-01-10 09:40:12 21344 ----a-w- C:\windows\SysWow64\authuitu.dll
2013-01-10 09:39:41 -------- d-----w- C:\Users\Martin\AppData\Roaming\TuneUp Software
2013-01-10 09:39:28 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2013
2013-01-10 09:38:37 -------- d-----w- C:\ProgramData\TuneUp Software
2013-01-10 09:38:24 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-10 09:38:24 -------- d--h--w- C:\ProgramData\Common Files
2013-01-09 15:15:12 -------- d-----w- C:\Users\Martin\AppData\Roaming\simplitec
2013-01-09 11:13:51 -------- d-----w- C:\Users\Martin\AppData\Roaming\MAGIX
2013-01-09 11:13:08 -------- d-----w- C:\Program Files (x86)\MAGIX
2013-01-09 11:13:01 -------- d-----w- C:\ProgramData\simplitec
2013-01-09 11:12:56 -------- d-----w- C:\ProgramData\MAGIX
2013-01-09 11:12:55 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2013-01-09 11:12:53 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-01-09 08:02:56 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-01-08 20:28:24 -------- d-----w- C:\Users\Martin\AppData\Local\{35879EB4-B502-4EA8-A806-C52FBC551FE8}
2013-01-03 23:29:41 -------- d-----w- C:\Program Files (x86)\Audiograbber
2013-01-02 12:15:18 -------- d-----w- C:\Users\Martin\AppData\Local\Windows Live
2013-01-02 12:14:56 -------- d-----w- C:\Users\Martin\AppData\Local\{9A8FCBE6-6F7C-4010-A61D-9C5C05AF89D3}
2012-12-30 11:15:33 -------- d-----w- C:\Users\Martin\dwhelper
2012-12-29 20:35:43 38672 ----a-w- C:\windows\SysWow64\pcleUtil.dll
2012-12-29 20:35:40 142337 ----a-w- C:\windows\SysWow64\Wait.exe
2012-12-29 20:35:40 -------- d-----w- C:\Program Files (x86)\WinTV
2012-12-29 20:35:39 -------- d-----w- C:\ProgramData\Hauppauge
2012-12-29 20:18:19 831554 ----a-w- C:\windows\SysWow64\hcwtvwnd.dll
2012-12-29 20:18:19 36921 ----a-w- C:\windows\SysWow64\hcwutl32.dll
2012-12-29 20:18:19 323640 ----a-w- C:\windows\SysWow64\hcwpnp32.dll
2012-12-29 20:18:19 118840 ----a-w- C:\windows\SysWow64\hcwi2c32.dll
2012-12-29 20:00:34 658944 ----a-w- C:\windows\System32\drivers\hcw95bda.sys
2012-12-29 20:00:34 19840 ----a-w- C:\windows\System32\hcw95rc.sys
2012-12-29 20:00:34 19840 ----a-w- C:\windows\System32\drivers\hcw95rc.sys
2012-12-29 20:00:31 -------- d-----w- C:\Hauppauge
2012-12-29 17:25:24 -------- d-----w- C:\Users\Martin\.mediathek3
2012-12-29 17:12:22 -------- d-----w- C:\MyVideos
2012-12-29 17:11:54 995383 ----a-w- C:\windows\SysWow64\temp.002
2012-12-29 17:11:54 77878 ----a-w- C:\windows\SysWow64\temp.000
2012-12-29 17:11:54 278581 ----a-w- C:\windows\SysWow64\temp.001
2012-12-27 20:41:11 -------- d-----w- C:\Users\Martin\.VirtualBox
2012-12-27 20:40:02 237992 ----a-w- C:\windows\System32\drivers\VBoxDrv.sys
2012-12-27 20:39:52 120232 ----a-w- C:\windows\System32\drivers\VBoxUSBMon.sys
2012-12-27 20:39:50 -------- d-----w- C:\Program Files\Oracle
2012-12-27 14:49:21 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-27 14:49:12 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2012-12-27 14:49:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-12-25 08:27:18 -------- d-----w- C:\Users\Martin\AppData\Roaming\redsn0w
2012-12-22 02:00:20 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-22 02:00:20 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-22 02:00:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-22 02:00:20 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-21 15:40:41 -------- d--h--r- C:\ESD
2012-12-19 13:47:20 204200 ----a-w- C:\windows\System32\VBoxNetFltNobj.dll
2012-12-19 13:47:20 146856 ----a-w- C:\windows\System32\drivers\VBoxNetFlt.sys
2012-12-19 13:47:20 132008 ----a-w- C:\windows\System32\drivers\VBoxNetAdp.sys
2012-12-19 13:06:51 -------- d-----w- C:\Users\Martin\AppData\Local\PDF Writer
2012-12-19 13:02:09 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-12-19 13:00:51 227840 ----a-w- C:\windows\SysWow64\bzFlRdr.dll
2012-12-19 13:00:51 139264 ----a-w- C:\windows\SysWow64\bzpdfc.dll
2012-12-19 13:00:51 103424 ----a-w- C:\windows\SysWow64\bzDCT.dll
2012-12-19 13:00:51 -------- d-----w- C:\Users\Martin\AppData\Roaming\PDF Writer
2012-12-19 13:00:51 -------- d-----w- C:\ProgramData\PDF Writer
2012-12-19 13:00:51 -------- d-----w- C:\Program Files\Common Files\Bullzip
2012-12-19 13:00:48 218624 ----a-w- C:\windows\System32\bzpdf.dll
2012-12-19 13:00:44 -------- d-----w- C:\Program Files\Bullzip
2012-12-19 13:00:12 -------- d-----w- C:\Users\Martin\AppData\Local\Programs
2012-12-17 11:08:58 -------- d-----w- C:\ProgramData\%Installer_PublisherName%
2012-12-17 11:08:50 -------- d-----w- C:\ProgramData\Premium
2012-12-17 11:08:40 -------- d-----w- C:\Program Files (x86)\ZoomEx
2012-12-17 11:07:05 -------- d-----w- C:\ProgramData\Zoomex
2012-12-17 11:06:57 -------- d-----w- C:\ProgramData\InstallMate
2012-12-17 08:29:07 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-12-16 15:11:13 -------- d-----w- C:\ProgramData\fotobuch.de AG
2012-12-16 15:10:54 -------- d-----w- C:\Users\Martin\AppData\Roaming\fotobuch.de AG
2012-12-16 15:06:35 -------- d-----w- C:\windows\SysWow64\artworks
2012-12-16 15:06:35 -------- d-----w- C:\Program Files (x86)\fotobuch.de
.
==================== Find3M ====================
.
2013-01-13 12:14:31 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat
2013-01-10 12:52:06 120200 ----a-w- C:\windows\SysWow64\DLLDEV32i.dll
2013-01-10 08:41:48 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 08:41:48 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-08 15:43:48 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-08 15:43:47 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-12-08 15:43:47 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-11-16 07:10:34 54104 ----a-w- C:\windows\System32\drivers\kltdi.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-13 20:29:04 354216 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-08 10:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
2010-08-19 17:22:43 409600 ----a-w- C:\Program Files\rescue2usb.exe
2010-04-01 09:01:34 28160 ----a-w- C:\Program Files\syslinux.exe
2009-10-16 14:43:30 237849 ----a-w- C:\Program Files\grub.exe
2006-05-03 10:06:54 163328 --sha-r- C:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- C:\windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 13:19:29,85 ===============


I saved the registry using ERUNT. Unforunately I cannot send the aswMBR logs, since avast antirootkit always crashes, when it scans (see screenshot).

Any help would be very much appreachiated. I'm surprised that I couldn't find any useful information regarding "browse to save" on the internet. Is it a virus, addware, a trojan... anyway, it sucks.

Thank you in advance,

Disneykiller

oldman960
2013-01-19, 19:53
Hi disneykiller, welcome to the forum.


To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.



Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

disneykiller
2013-01-20, 02:24
Thank you for helping me!

Here are the requested logs:

OTL logfile created on: 20.01.2013 00:59:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,79 Gb Total Physical Memory | 5,68 Gb Available Physical Memory | 72,92% Memory free
15,57 Gb Paging File | 12,98 Gb Available in Paging File | 83,39% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108,05 Gb Total Space | 19,96 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
Drive D: | 798,17 Gb Total Space | 511,85 Gb Free Space | 64,13% Space Free | Partition Type: NTFS
Drive E: | 7,39 Gb Total Space | 7,39 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive F: | 298,08 Gb Total Space | 213,71 Gb Free Space | 71,70% Space Free | Partition Type: NTFS

Computer Name: DISNEYKILLER | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Martin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung Electronics CO., LTD.)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
PRC - C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
PRC - C:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Everything\Everything.exe ()


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabDRS.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabscw.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabcaps.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Everything\Everything.exe ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (lmab_device) -- C:\Windows\SysNative\lmabcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (CronService) -- C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (lmab_device) -- C:\Windows\SysWOW64\lmabcoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DLPortIO) -- C:\windows\SysWow64\drivers\dlportio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{5C74A4D5-B8EB-48D7-B3A7-A274701ED6D3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.autocompletepro.com/?si=10214&bi=400&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://startpage.com/"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bfbfbcf27-b313-47a9-987d-4e1e320afa25%7D:2.0
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.321
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.2
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "http://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@jazz-soft.com/JazzPlugin: C:\Program Files (x86)\Jazz-Soft\Jazz-Plugin\npJazz.dll (Jazz-Soft)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.11 17:32:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.12 12:30:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.12 12:30:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 21:34:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.12 12:30:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.12 12:30:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 21:34:47 | 000,000,000 | ---D | M]

[2012.09.16 10:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013.01.19 13:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions
[2013.01.11 08:42:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.17 12:09:09 | 000,000,000 | ---D | M] (Zoomex) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\50cf00df7b572@50cf00df7b5ab.com
[2013.01.09 10:21:49 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\firefox@ghostery.com
[2012.09.16 10:55:51 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\firejump@firejump.net
[2013.01.08 09:02:20 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\https-everywhere@eff.org
[2012.10.02 20:23:04 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\support@predictad.com
[2013.01.19 13:13:25 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\client@anonymox.net.xpi
[2012.12.30 12:04:41 | 001,014,455 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\IDGARD@jetpack.xpi
[2013.01.16 10:46:16 | 000,389,447 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012.12.11 08:53:36 | 000,160,219 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\socialfixer@mattkruse.com.xpi
[2013.01.19 13:13:27 | 000,533,221 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.04 09:17:56 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013.01.11 08:42:30 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.26 17:32:10 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.01.16 10:46:20 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.04.26 17:31:50 | 000,021,692 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{fbfbcf27-b313-47a9-987d-4e1e320afa25}.xpi
[2012.04.27 15:53:16 | 000,010,345 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\searchplugins\duckduckgo.xml
[2012.12.17 12:06:43 | 000,002,090 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\searchplugins\Searchab.xml
[2013.01.16 23:00:59 | 000,005,492 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\searchplugins\startpage-https---deutsch.xml
[2013.01.12 12:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.11 17:32:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2013.01.12 12:30:56 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.10.02 20:23:04 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
[2012.10.12 08:04:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 08:04:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 08:04:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 08:04:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 08:04:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 08:04:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe ( )
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\Martin\AppData\Roaming\Wuala\Wuala.exe (LaCie)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D648904F-7844-46DB-9E63-BE91958D2678}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\spyhunter4.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wuala.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\spyhunter4.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\wuala.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.13 10:58:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90305345-000b-11e2-a4e7-c48508129624}\Shell - "" = AutoRun
O33 - MountPoints2\{90305345-000b-11e2-a4e7-c48508129624}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



Rest of log in next reply

disneykiller
2013-01-20, 02:38
========== Files/Folders - Created Within 30 Days ==========

[2013.01.19 09:52:44 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.01.19 09:52:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Wacom
[2013.01.19 09:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2013.01.19 09:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2013.01.19 09:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.19 09:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2013.01.19 09:49:38 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WTablet
[2013.01.19 09:49:37 | 001,326,456 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Pen_Touch_Tablet.dll
[2013.01.19 09:49:37 | 001,107,832 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Pen_Touch_Tablet.dll
[2013.01.19 09:49:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2013.01.19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2013.01.19 09:49:25 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wacommousefilter.sys
[2013.01.19 09:49:14 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wacomvhid.sys
[2013.01.19 09:49:12 | 001,665,400 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Pen_Tablet.dll
[2013.01.19 09:49:12 | 001,401,208 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Wintab32.dll
[2013.01.19 09:49:12 | 001,391,992 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\WacomMT.dll
[2013.01.19 09:49:12 | 001,369,464 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Pen_Tablet.dll
[2013.01.19 09:49:12 | 001,156,472 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Wintab32.dll
[2013.01.19 09:49:12 | 001,152,888 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\WacomMT.dll
[2013.01.19 09:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2013.01.16 08:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.15 10:37:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2013.01.15 10:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2013.01.13 13:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013.01.13 13:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013.01.13 10:58:29 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.13 10:58:28 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.13 10:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.13 10:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.01.12 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2013.01.12 12:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.12 10:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.01.12 10:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013.01.12 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Content Management Utility
[2013.01.11 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Sony Corporation
[2013.01.11 18:29:22 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2013.01.11 18:29:22 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2013.01.11 18:29:22 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2013.01.11 18:29:22 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2013.01.11 18:29:22 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2013.01.11 18:29:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2013.01.11 18:29:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2013.01.11 18:29:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2013.01.11 18:29:21 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2013.01.11 18:29:21 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2013.01.11 18:29:21 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2013.01.11 18:29:20 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2013.01.11 18:29:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2013.01.11 18:29:20 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2013.01.11 18:29:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2013.01.11 18:29:20 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2013.01.11 18:29:20 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2013.01.11 18:29:20 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2013.01.11 18:29:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2013.01.11 18:29:20 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2013.01.11 18:29:20 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2013.01.11 18:29:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2013.01.11 18:29:19 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2013.01.11 18:29:17 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2013.01.11 18:29:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2013.01.11 18:29:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2013.01.11 18:29:17 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2013.01.11 18:29:17 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2013.01.11 18:29:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2013.01.11 18:29:17 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2013.01.11 18:29:17 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2013.01.11 18:29:16 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2013.01.11 18:29:16 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2013.01.11 18:29:16 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2013.01.11 18:29:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2013.01.11 18:29:14 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2013.01.11 18:29:14 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2013.01.11 18:29:14 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2013.01.11 18:29:14 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2013.01.11 18:29:14 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2013.01.11 18:29:14 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2013.01.11 18:29:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2013.01.11 18:29:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2013.01.11 18:29:13 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2013.01.11 18:29:13 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2013.01.11 18:29:12 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2013.01.11 18:29:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2013.01.11 18:29:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2013.01.11 18:29:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2013.01.11 18:29:10 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2013.01.11 18:29:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2013.01.11 18:29:09 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2013.01.11 18:29:09 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2013.01.11 18:29:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2013.01.11 18:29:08 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2013.01.11 18:29:08 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2013.01.11 18:29:08 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2013.01.11 18:29:07 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2013.01.11 18:29:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2013.01.11 18:29:07 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2013.01.11 18:29:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2013.01.11 18:29:04 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2013.01.11 18:29:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2013.01.11 18:29:04 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2013.01.11 18:29:04 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2013.01.11 18:29:04 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2013.01.11 18:29:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2013.01.11 18:29:04 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2013.01.11 18:29:04 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2013.01.11 18:29:03 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2013.01.11 18:29:03 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2013.01.11 18:29:02 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2013.01.11 18:29:02 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2013.01.11 18:29:02 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2013.01.11 18:29:02 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2013.01.11 18:29:02 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2013.01.11 18:29:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2013.01.11 18:29:02 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2013.01.11 18:29:02 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2013.01.11 18:29:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2013.01.11 18:29:02 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2013.01.11 18:29:02 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2013.01.11 18:29:02 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2013.01.11 18:29:01 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2013.01.11 18:29:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2013.01.11 18:29:01 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2013.01.11 18:29:01 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2013.01.11 18:29:01 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2013.01.11 18:29:01 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2013.01.11 18:29:00 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2013.01.11 18:29:00 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2013.01.11 18:29:00 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2013.01.11 18:29:00 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2013.01.11 18:29:00 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2013.01.11 18:29:00 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2013.01.11 18:29:00 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2013.01.11 18:29:00 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2013.01.11 18:29:00 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2013.01.11 18:29:00 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2013.01.11 18:28:59 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2013.01.11 18:28:59 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2013.01.11 18:28:58 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2013.01.11 18:28:58 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2013.01.11 18:28:58 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2013.01.11 18:28:58 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2013.01.11 18:28:57 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll
[2013.01.11 18:28:57 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll
[2013.01.11 18:28:56 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2013.01.11 18:28:56 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2013.01.11 18:28:56 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2013.01.11 18:28:56 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2013.01.11 18:28:56 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2013.01.11 18:28:55 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2013.01.11 18:28:55 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2013.01.11 18:28:55 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2013.01.11 18:28:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2013.01.11 18:28:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2013.01.11 18:28:55 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2013.01.11 18:28:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2013.01.11 18:28:55 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2013.01.11 18:28:54 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2013.01.11 18:28:54 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2013.01.11 18:28:51 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2013.01.11 18:28:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2013.01.11 18:28:50 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2013.01.11 18:28:50 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2013.01.11 18:28:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2013.01.11 18:28:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2013.01.11 18:28:50 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2013.01.11 18:28:50 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2013.01.11 18:28:50 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2013.01.11 18:28:50 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2013.01.11 18:28:49 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2013.01.11 18:28:49 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2013.01.11 18:28:49 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2013.01.11 18:28:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2013.01.11 18:28:49 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2013.01.11 18:28:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2013.01.11 18:28:48 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2013.01.11 18:28:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2013.01.11 17:31:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DivX
[2013.01.11 17:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.01.11 17:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.01.11 17:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.01.11 17:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.01.11 17:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.01.11 17:26:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2013.01.11 17:26:23 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013.01.11 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013.01.11 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.01.11 17:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.01.11 17:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.01.11 17:23:52 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\OpenCandy
[2013.01.11 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Winamp
[2013.01.11 17:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.01.10 18:59:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Flavio Tordini
[2013.01.10 18:58:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Musique
[2013.01.10 18:58:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Musique
[2013.01.10 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX_MusicEditor
[2013.01.10 13:52:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Xara
[2013.01.10 13:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2013.01.10 10:40:17 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2013.01.10 10:40:13 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2013.01.10 10:40:12 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2013.01.10 10:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.01.10 10:39:41 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2013.01.10 10:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.01.10 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.10 10:38:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.10 10:38:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.09 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX Downloads
[2013.01.09 23:06:30 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX
[2013.01.09 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\simplitec
[2013.01.09 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX
[2013.01.09 12:13:51 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2013.01.09 12:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.01.09 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2013.01.09 12:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec
[2013.01.09 12:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.01.09 12:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.01.09 12:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.09 09:03:29 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013.01.09 09:03:28 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013.01.09 09:03:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013.01.09 09:03:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013.01.09 09:03:15 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013.01.09 09:03:15 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013.01.09 09:03:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013.01.09 09:03:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013.01.09 09:03:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013.01.09 09:03:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013.01.09 09:03:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013.01.09 09:03:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013.01.09 09:03:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013.01.09 09:03:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013.01.09 09:03:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013.01.09 09:03:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013.01.09 09:03:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013.01.09 09:03:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013.01.09 09:03:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013.01.09 09:03:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013.01.09 09:03:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013.01.09 09:03:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013.01.09 09:03:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013.01.09 09:03:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013.01.09 09:03:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013.01.09 09:03:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013.01.09 09:03:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013.01.09 09:03:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013.01.09 09:03:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013.01.09 09:03:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013.01.09 09:03:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013.01.09 09:02:56 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013.01.09 09:02:56 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013.01.09 09:02:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013.01.09 09:02:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013.01.09 09:02:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013.01.09 09:02:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.01.09 09:02:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.01.09 09:02:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013.01.09 09:02:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.01.09 09:02:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013.01.09 09:02:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.01.09 09:02:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 09:02:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 09:02:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.01.09 09:02:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013.01.08 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.08 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{35879EB4-B502-4EA8-A806-C52FBC551FE8}
[2013.01.04 00:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2013.01.04 00:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber
[2013.01.02 13:15:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Windows Live
[2013.01.02 13:14:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{9A8FCBE6-6F7C-4010-A61D-9C5C05AF89D3}
[2013.01.01 17:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012.12.30 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\shexview-x64
[2012.12.30 12:15:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\dwhelper
[2012.12.29 21:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
[2012.12.29 21:35:43 | 000,038,672 | ---- | C] (PCTV Systems S.à r.l.) -- C:\windows\SysWow64\pcleUtil.dll
[2012.12.29 21:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinTV
[2012.12.29 21:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Hauppauge
[2012.12.29 21:18:19 | 000,831,554 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwtvwnd.dll
[2012.12.29 21:18:19 | 000,323,640 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwpnp32.dll
[2012.12.29 21:18:19 | 000,118,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysWow64\hcwi2c32.dll
[2012.12.29 21:18:19 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwutl32.dll
[2012.12.29 21:00:34 | 000,658,944 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw95bda.sys
[2012.12.29 21:00:34 | 000,019,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\hcw95rc.sys
[2012.12.29 21:00:34 | 000,019,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw95rc.sys
[2012.12.29 21:00:31 | 000,000,000 | ---D | C] -- C:\Hauppauge
[2012.12.29 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\.mediathek3
[2012.12.29 18:13:46 | 002,179,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71d.dll
[2012.12.29 18:13:46 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp71d.dll
[2012.12.29 18:13:46 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr71d.dll
[2012.12.29 18:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IviSDK
[2012.12.29 18:13:00 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.007
[2012.12.29 18:13:00 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSComCt2.ocx
[2012.12.29 18:13:00 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.003
[2012.12.29 18:13:00 | 000,204,800 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\Mdcustoms.ocx
[2012.12.29 18:13:00 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.004
[2012.12.29 18:13:00 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.005
[2012.12.29 18:13:00 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Msinet.ocx
[2012.12.29 18:13:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2012.12.29 18:13:00 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCAL.OCX
[2012.12.29 18:13:00 | 000,069,632 | ---- | C] (Hauppauge Computer Works ) -- C:\windows\SysWow64\3DES.dll
[2012.12.29 18:13:00 | 000,053,248 | ---- | C] (Hauppauge) -- C:\windows\SysWow64\MDCustomPanels.ocx
[2012.12.29 18:13:00 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.008
[2012.12.29 18:13:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.006
[2012.12.29 18:12:22 | 000,000,000 | ---D | C] -- C:\MyVideos
[2012.12.29 18:11:54 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.002
[2012.12.29 18:11:54 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.001
[2012.12.29 18:11:54 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.000
[2012.12.27 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\.VirtualBox
[2012.12.27 21:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.12.27 21:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.12.27 15:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.27 15:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.27 15:49:12 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012.12.27 15:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.12.25 09:27:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\redsn0w
[2012.12.22 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\dvdcss
[2012.12.22 03:00:20 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.22 03:00:20 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.22 03:00:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.22 03:00:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.21 16:40:41 | 000,000,000 | RH-D | C] -- C:\ESD
[2012.09.18 20:05:47 | 000,409,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\rescue2usb.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========

[2013.01.20 00:41:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.20 00:40:15 | 000,000,029 | ---- | M] () -- C:\windows\SysWow64\TempWmicBatchFile.bat
[2013.01.20 00:17:46 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto Manager MX Deluxe.lnk
[2013.01.20 00:12:12 | 000,015,421 | ---- | M] () -- C:\Users\Martin\Desktop\WSfS-Arbeit.ods
[2013.01.20 00:06:55 | 001,507,170 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.20 00:06:55 | 000,657,676 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.20 00:06:55 | 000,618,912 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.20 00:06:55 | 000,131,016 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.20 00:06:55 | 000,107,232 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.19 23:07:59 | 000,045,083 | ---- | M] () -- C:\Users\Martin\Desktop\CA-Planung.ods
[2013.01.19 16:45:20 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.01.19 16:45:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.19 13:47:44 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.19 13:47:44 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.19 13:39:05 | 000,000,280 | ---- | M] () -- C:\windows\tasks\AbelssoftPreloader.job
[2013.01.19 13:38:56 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.01.19 13:38:30 | 4065,890,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.19 09:52:30 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013.01.19 09:35:53 | 000,677,816 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.18 14:39:36 | 000,053,381 | ---- | M] () -- C:\Users\Martin\Desktop\whoa.zip
[2013.01.16 08:36:32 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.16 08:17:01 | 000,001,054 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.15 17:22:30 | 000,021,573 | ---- | M] () -- C:\Users\Martin\Desktop\organigramm 11 2012.pdf
[2013.01.14 12:00:16 | 000,022,660 | ---- | M] () -- C:\Users\Martin\Desktop\Maja Muster.pdf
[2013.01.13 23:06:05 | 000,133,938 | ---- | M] () -- C:\Users\Martin\Desktop\wsfs-alt.jpg
[2013.01.13 22:43:41 | 000,143,547 | ---- | M] () -- C:\Users\Martin\Desktop\256026_473359232685334_1795865310_o.jpg
[2013.01.13 15:46:24 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.01.13 15:12:30 | 000,046,890 | ---- | M] () -- C:\Users\Martin\Desktop\magix.jpg
[2013.01.13 13:54:32 | 000,002,926 | ---- | M] () -- C:\Users\Martin\Desktop\attach.zip
[2013.01.13 13:42:53 | 000,350,559 | ---- | M] () -- C:\Users\Martin\Desktop\avast_antirootkit.jpg
[2013.01.13 13:16:18 | 000,000,865 | ---- | M] () -- C:\Users\Martin\Desktop\ERUNT.lnk
[2013.01.13 10:58:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.01.13 10:58:29 | 000,002,256 | ---- | M] () -- C:\Users\Martin\Desktop\SpyHunter.lnk
[2013.01.12 10:44:35 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\Content Management Utility.lnk
[2013.01.11 18:07:11 | 008,057,590 | ---- | M] () -- C:\Users\Martin\Desktop\Sony NEX-FS700EK.pdf
[2013.01.11 17:32:41 | 000,001,614 | ---- | M] () -- C:\Users\Martin\Desktop\DivX Movies.lnk
[2013.01.11 17:32:08 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.01.11 17:31:35 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.01.10 13:52:06 | 000,120,200 | ---- | M] () -- C:\windows\SysWow64\DLLDEV32i.dll
[2013.01.10 13:51:38 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Plus.lnk
[2013.01.10 10:40:08 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.10 09:41:48 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.01.10 09:41:48 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.09 12:13:46 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Slideshow Maker 2.lnk
[2013.01.04 00:37:09 | 000,000,486 | ---- | M] () -- C:\windows\cdplayer.ini
[2013.01.04 00:30:11 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2013.01.01 17:43:57 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.12.30 02:32:00 | 000,000,927 | ---- | M] () -- C:\Users\Martin\Desktop\MediathekView.exe - Verknüpfung.lnk
[2012.12.30 00:07:16 | 324,011,604 | ---- | M] () -- C:\Users\Martin\Rockpalast-Skunk_Anansie__Rocknacht_Special_2009_-rocknacht_special09_skunk_anansie.flv
[2012.12.29 23:55:51 | 680,228,746 | ---- | M] () -- C:\Users\Martin\Rockpalast-Me_First_&_The_Gimme_Gimmes__Area4_2012_-area4_12_me_first_n_the_gimme_gimmes_web_l.mp4.flv
[2012.12.29 23:48:37 | 740,226,961 | ---- | M] () -- C:\Users\Martin\Rockpalast-Red_Hot_Chili_Peppers__Rock_im_Pott_2012_-120924_rockpalast_chilli_peppers_web_l.mp4.flv
[2012.12.29 23:02:59 | 582,069,925 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda_-_ein_musikalischer_Heimatfilm__2012_-labrassbanda_ein_musikalischer_heimatfilm_web_l.mp4.flv
[2012.12.29 22:49:15 | 1375,369,246 | ---- | M] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Die_Ballade_von_Cenk_und_...-format354323.mp4.flv
[2012.12.29 21:41:57 | 130,667,052 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Reeperbahn_Festival_2010_-reeperbahn_festival10_labrassbanda.mp4.flv
[2012.12.29 21:37:04 | 000,001,082 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
[2012.12.29 21:37:04 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\WinTV 7.lnk
[2012.12.29 21:36:57 | 000,000,209 | ---- | M] () -- C:\windows\ODBCINST.INI
[2012.12.29 21:36:57 | 000,000,135 | ---- | M] () -- C:\windows\ODBC.INI
[2012.12.29 21:36:25 | 000,037,639 | ---- | M] () -- C:\windows\Irremote.ini
[2012.12.29 21:36:25 | 000,000,960 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
[2012.12.29 21:35:06 | 000,007,188 | ---- | M] () -- C:\windows\HCWPNP.INI
[2012.12.29 21:21:28 | 933,834,752 | ---- | M] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Kinderland__FSK___ab_20_Uhr_-format354248.mp4.flv
[2012.12.29 21:21:06 | 021,880,832 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Haldern_Pop_2011_-haldern11_labrassbanda.mp4.flv
[2012.12.27 21:40:02 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.12.27 16:08:10 | 000,000,285 | ---- | M] () -- C:\windows\wininit.ini
[2012.12.27 15:49:16 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.24 13:09:16 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012.12.22 13:52:41 | 000,001,403 | ---- | M] () -- C:\Users\Martin\Desktop\Windows installieren.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.19 09:52:30 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013.01.19 09:49:10 | 000,000,488 | ---- | C] () -- C:\windows\SysNative\PenTouchTabletUserDefaults.xml
[2013.01.19 09:49:10 | 000,000,488 | ---- | C] () -- C:\windows\SysNative\PenTabletUserDefaults.xml
[2013.01.18 14:39:36 | 000,053,381 | ---- | C] () -- C:\Users\Martin\Desktop\whoa.zip
[2013.01.17 14:38:06 | 000,045,083 | ---- | C] () -- C:\Users\Martin\Desktop\CA-Planung.ods
[2013.01.16 08:36:32 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.15 17:22:30 | 000,021,573 | ---- | C] () -- C:\Users\Martin\Desktop\organigramm 11 2012.pdf
[2013.01.15 09:20:26 | 000,015,421 | ---- | C] () -- C:\Users\Martin\Desktop\WSfS-Arbeit.ods
[2013.01.14 12:00:17 | 000,022,660 | ---- | C] () -- C:\Users\Martin\Desktop\Maja Muster.pdf
[2013.01.13 22:58:14 | 000,133,938 | ---- | C] () -- C:\Users\Martin\Desktop\wsfs-alt.jpg
[2013.01.13 22:43:36 | 000,143,547 | ---- | C] () -- C:\Users\Martin\Desktop\256026_473359232685334_1795865310_o.jpg
[2013.01.13 15:12:25 | 000,046,890 | ---- | C] () -- C:\Users\Martin\Desktop\magix.jpg
[2013.01.13 13:54:32 | 000,002,926 | ---- | C] () -- C:\Users\Martin\Desktop\attach.zip
[2013.01.13 13:42:51 | 000,350,559 | ---- | C] () -- C:\Users\Martin\Desktop\avast_antirootkit.jpg
[2013.01.13 13:16:18 | 000,000,865 | ---- | C] () -- C:\Users\Martin\Desktop\ERUNT.lnk
[2013.01.13 10:58:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.01.13 10:58:32 | 000,022,704 | ---- | C] () -- C:\windows\SysNative\drivers\EsgScanner.sys
[2013.01.13 10:58:29 | 000,002,256 | ---- | C] () -- C:\Users\Martin\Desktop\SpyHunter.lnk
[2013.01.12 10:44:35 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\Content Management Utility.lnk
[2013.01.11 18:07:11 | 008,057,590 | ---- | C] () -- C:\Users\Martin\Desktop\Sony NEX-FS700EK.pdf
[2013.01.11 17:32:41 | 000,001,614 | ---- | C] () -- C:\Users\Martin\Desktop\DivX Movies.lnk
[2013.01.11 17:32:08 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.01.11 17:31:35 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.01.11 17:26:29 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.01.10 13:51:38 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Plus.lnk
[2013.01.10 10:40:08 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.10 10:40:07 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.09 12:15:23 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto Manager MX Deluxe.lnk
[2013.01.09 12:13:46 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Slideshow Maker 2.lnk
[2013.01.04 00:30:11 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2012.12.30 02:32:00 | 000,000,927 | ---- | C] () -- C:\Users\Martin\Desktop\MediathekView.exe - Verknüpfung.lnk
[2012.12.29 23:48:41 | 324,011,604 | ---- | C] () -- C:\Users\Martin\Rockpalast-Skunk_Anansie__Rocknacht_Special_2009_-rocknacht_special09_skunk_anansie.flv
[2012.12.29 23:03:03 | 680,228,746 | ---- | C] () -- C:\Users\Martin\Rockpalast-Me_First_&_The_Gimme_Gimmes__Area4_2012_-area4_12_me_first_n_the_gimme_gimmes_web_l.mp4.flv
[2012.12.29 22:49:19 | 740,226,961 | ---- | C] () -- C:\Users\Martin\Rockpalast-Red_Hot_Chili_Peppers__Rock_im_Pott_2012_-120924_rockpalast_chilli_peppers_web_l.mp4.flv
[2012.12.29 21:42:01 | 582,069,925 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda_-_ein_musikalischer_Heimatfilm__2012_-labrassbanda_ein_musikalischer_heimatfilm_web_l.mp4.flv
[2012.12.29 21:37:04 | 000,001,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
[2012.12.29 21:37:04 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\WinTV 7.lnk
[2012.12.29 21:36:25 | 000,000,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
[2012.12.29 21:35:40 | 000,142,337 | ---- | C] () -- C:\windows\SysWow64\Wait.exe
[2012.12.29 21:34:58 | 000,007,188 | ---- | C] () -- C:\windows\HCWPNP.INI
[2012.12.29 21:30:28 | 130,667,052 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Reeperbahn_Festival_2010_-reeperbahn_festival10_labrassbanda.mp4.flv
[2012.12.29 21:30:18 | 1375,369,246 | ---- | C] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Die_Ballade_von_Cenk_und_...-format354323.mp4.flv
[2012.12.29 21:18:59 | 021,880,832 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Haldern_Pop_2011_-haldern11_labrassbanda.mp4.flv
[2012.12.29 20:40:59 | 933,834,752 | ---- | C] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Kinderland__FSK___ab_20_Uhr_-format354248.mp4.flv
[2012.12.29 18:13:46 | 000,149,504 | ---- | C] () -- C:\windows\SysWow64\UNWISE.EXE
[2012.12.29 18:13:11 | 000,037,639 | ---- | C] () -- C:\windows\Irremote.ini
[2012.12.29 18:13:00 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\dmcrypto.dll
[2012.12.29 18:12:22 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012.12.29 18:12:22 | 000,000,135 | ---- | C] () -- C:\windows\ODBC.INI
[2012.12.27 21:40:02 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.12.27 16:08:10 | 000,000,285 | ---- | C] () -- C:\windows\wininit.ini
[2012.12.27 15:49:16 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.27 15:49:16 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.22 13:52:41 | 000,001,403 | ---- | C] () -- C:\Users\Martin\Desktop\Windows installieren.lnk
[2012.11.26 00:30:01 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
[2012.11.26 00:27:28 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
[2012.11.08 08:25:03 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.10.13 14:34:22 | 000,340,480 | ---- | C] () -- C:\windows\SysWow64\K8062e.exe
[2012.10.13 14:34:22 | 000,322,048 | ---- | C] () -- C:\windows\SysWow64\Easylase.dll
[2012.10.13 14:34:22 | 000,301,056 | ---- | C] () -- C:\windows\SysWow64\usbdmxfs.dll
[2012.10.13 14:34:22 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\usb_dll.dll
[2012.10.13 14:34:22 | 000,084,992 | ---- | C] () -- C:\windows\SysWow64\DMX510Vb.dll
[2012.10.13 14:34:22 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\EspionDll.dll
[2012.10.13 14:34:22 | 000,042,496 | ---- | C] () -- C:\windows\SysWow64\K8062D.dll
[2012.10.13 14:34:22 | 000,037,888 | ---- | C] () -- C:\windows\SysWow64\LPT_dmx.dll
[2012.10.13 14:34:22 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\MPUSBAPI.DLL
[2012.10.13 14:34:22 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\usbdmxsi.dll
[2012.10.13 14:34:22 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FASTTime32.dll
[2012.10.13 14:34:22 | 000,003,584 | ---- | C] () -- C:\windows\SysWow64\drivers\dlportio.sys
[2012.10.13 14:34:21 | 000,077,824 | ---- | C] () -- C:\windows\SysWow64\dashardvb.dll
[2012.10.13 14:34:21 | 000,044,544 | ---- | C] () -- C:\windows\SysWow64\dmx60.dll
[2012.10.13 14:34:21 | 000,044,544 | ---- | C] () -- C:\windows\SysWow64\dmx120.dll
[2012.10.13 14:34:21 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\USB.dll
[2012.10.13 14:34:21 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\inpout32.dll
[2012.09.26 12:36:22 | 000,017,408 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2012.09.22 23:14:19 | 000,000,486 | ---- | C] () -- C:\windows\cdplayer.ini
[2012.09.18 20:05:48 | 000,028,160 | ---- | C] () -- C:\Program Files\syslinux.exe
[2012.09.18 20:05:48 | 000,000,237 | ---- | C] () -- C:\Program Files\syslinux.cfg
[2012.09.18 20:05:47 | 000,237,849 | ---- | C] () -- C:\Program Files\grub.exe
[2012.09.17 10:30:01 | 001,044,480 | ---- | C] ( ) -- C:\windows\SysWow64\lmabserv.dll
[2012.09.17 10:30:01 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcomc.dll
[2012.09.17 10:30:01 | 000,593,920 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcoms.exe
[2012.09.17 10:30:01 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcomm.dll
[2012.09.17 10:30:01 | 000,356,352 | ---- | C] ( ) -- C:\windows\SysWow64\lmabhcp.dll
[2012.09.16 17:11:50 | 000,000,396 | ---- | C] () -- C:\windows\hbcikrnl.ini
[2012.09.16 17:11:46 | 000,167,936 | ---- | C] () -- C:\windows\SysWow64\SerialXP.dll
[2012.09.16 17:11:46 | 000,027,648 | ---- | C] () -- C:\windows\SysWow64\win32com.dll
[2012.09.16 08:23:56 | 002,469,760 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2012.09.16 08:23:56 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2012.09.16 08:23:56 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2012.09.16 08:23:56 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2012.09.16 08:23:56 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2012.05.10 21:17:42 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012.05.10 19:48:20 | 000,003,226 | ---- | C] () -- C:\windows\HotFixList.ini
[2012.02.06 05:42:56 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012.02.06 05:42:55 | 000,557,476 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012.02.06 05:42:53 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.02.06 05:42:52 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012.02.02 14:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2011.05.20 10:16:50 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.05.20 10:16:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.05.20 10:16:50 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.05.20 10:16:50 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.15 19:21:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Abelssoft
[2012.11.24 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Amazon
[2013.01.04 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Audacity
[2012.09.16 17:14:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Buhl Data Service
[2012.09.24 12:51:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Buhl Data Service GmbH
[2012.09.16 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DataDesign
[2013.01.19 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2012.11.12 00:02:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.12.16 16:11:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\fotobuch.de AG
[2012.09.16 17:42:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IrfanView
[2012.10.09 08:49:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Juan M. Aguirregabiria
[2012.09.16 16:39:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LibreOffice
[2013.01.10 13:54:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2012.11.07 11:42:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Mushroom Limited
[2012.12.09 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MOBILedit
[2013.01.04 02:44:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mp3tag
[2013.01.11 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenCandy
[2012.12.19 14:00:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PDF Writer
[2012.12.25 09:27:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\redsn0w
[2012.11.15 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Samsung
[2013.01.09 16:15:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\simplitec
[2013.01.12 12:02:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spotify
[2013.01.12 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2012.09.16 10:58:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird
[2013.01.11 10:15:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2013.01.19 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wacom
[2013.01.19 09:52:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.12.08 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wuala
[2012.11.12 09:58:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\XMedia Recode

========== Purity Check ==========



< End of report >


extras.txt in next reply

disneykiller
2013-01-20, 02:39
OTL Extras logfile created on: 20.01.2013 00:59:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,79 Gb Total Physical Memory | 5,68 Gb Available Physical Memory | 72,92% Memory free
15,57 Gb Paging File | 12,98 Gb Available in Paging File | 83,39% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108,05 Gb Total Space | 19,96 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
Drive D: | 798,17 Gb Total Space | 511,85 Gb Free Space | 64,13% Space Free | Partition Type: NTFS
Drive E: | 7,39 Gb Total Space | 7,39 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive F: | 298,08 Gb Total Space | 213,71 Gb Free Space | 71,70% Space Free | Partition Type: NTFS

Computer Name: DISNEYKILLER | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04257622-9EDB-47D2-829B-37493E4C2F31}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{1205D80F-7F42-4D75-9CB7-0F5230177C66}" = rport=445 | protocol=6 | dir=out | app=system |
"{121725CE-0EC3-4189-91DD-45296C57AF40}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12305FC4-DD35-48C2-8724-C9F1C8065333}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{131C3E00-3B0F-47C5-8C92-123E4273E209}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{16D08B96-712F-4131-9FCD-1D8A9D9371B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1C5A1573-3132-4B3E-9F2B-150225182637}" = rport=138 | protocol=17 | dir=out | app=system |
"{340A9344-5F8B-4945-8359-22C836B5D11E}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{3C4BA87A-1836-4E6E-9B89-595EE41D7914}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42A1EBB3-CD66-49D9-B3B4-52082257D1F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4527CB4C-E925-4B94-A86D-CC2EC09AB2A9}" = rport=139 | protocol=6 | dir=out | app=system |
"{456D14DF-B935-4C00-B608-3D9183F2F4B8}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{584D06F1-0F6B-4952-9BC9-DED11223CF44}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{5D636C61-1321-4EF2-A8D0-6199F5A03326}" = lport=137 | protocol=17 | dir=in | app=system |
"{5DB286CC-C3FE-43F3-BFE0-7AC30AF1D410}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61566690-D377-4914-BC00-9A9D9CC8A6D5}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{6342E97B-AD2C-45E6-9129-5C960755B373}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87E6E57B-C4D5-4E78-A35B-0010BDD6808D}" = lport=139 | protocol=6 | dir=in | app=system |
"{924033F5-16DD-4B06-B516-65E476ADD8C0}" = lport=138 | protocol=17 | dir=in | app=system |
"{934F749E-57D5-45A9-9D73-C4624713BE4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{95EAD124-6FCA-4E3E-92B7-EC8B9A72EF8F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{991D2B28-401C-4005-953C-550457C8532C}" = lport=445 | protocol=6 | dir=in | app=system |
"{9F774D36-3662-4AEF-8838-8C5E2C7F53D9}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8A260B0-BC74-45C5-A289-8FD913029BB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B80F9D3F-A75A-46F0-9E90-FF1EECEBC199}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C5D84890-FCD9-4EC4-B3F2-01AD9B7C78BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA55A144-49B8-4957-9B9F-0622FBC67C69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4147F32-FC73-4418-8AA6-537021AEF6B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0BE1F69-3B64-4224-8CAC-A10ED2D82474}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1D20178-62C9-4ADE-BC8E-FAAF0ECBD95C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F9057DCF-1949-4B77-A334-930C65F52736}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033358F3-0EA2-415B-A142-CC018A1AC944}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{044E2122-9032-4D7B-8E16-4E22371E386B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{059EFD2B-AEA8-49C5-9652-BE55ED6A0E29}" = protocol=6 | dir=out | app=system |
"{0E734584-7657-4846-9F59-AA8229C0110C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0FBA0223-86DF-4281-86B9-DC146161864E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{19390803-B17D-4C2F-AAF9-A29091722299}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1D8D41D3-D41C-4560-9CD3-E22A0BA9EBD8}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{1F477350-FDAA-4ADB-AAC5-B6FA8BA47EBF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21BF75FA-4422-4428-9209-0CCC8353A561}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2D2ECA4E-02C7-47E7-9DF4-BE9E63A41DBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3142B7E8-5AA3-4DB7-8EF7-BD259F0182A9}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{38A53788-AD34-4429-A585-67AA556F0D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{3E663F84-DD83-4B13-AC35-B50C49904FDB}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
"{3FCCB8CA-E73F-4F5E-9069-52A8DD4420E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{524C92BE-5526-4B04-AAF0-6408176E137A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{53A8AC6F-66B1-4D94-9A21-B90E7DCB0272}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{557D447B-F941-462A-9D70-45E7CDD465DE}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"{5A53D20D-28F1-4374-B6FF-BA081C22440B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6E2F4858-28B5-4AE1-97F3-09B3F4A8C0ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{795E824C-598E-45A8-BD74-0DBBA98B3311}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{798271F5-9108-42F6-806A-F6A4A11E75AC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{84633B20-5FCD-4683-9A7F-1DAA0DFF13ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8519E2D9-4704-4148-841A-8390CCF2349B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86B7B9FB-8F00-428B-A7E9-137EF2F4FCA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8881502E-9C34-47BE-8CDB-5F8F276F013E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{8BE7CF0D-2FF9-4FB1-A04D-4FB02BF44FB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8FD27511-5C34-437C-AE9F-637284B27320}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{92224EFF-069C-4B5D-B907-C306410D060E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{93BDCBA2-AEC2-4A6C-82F7-961F3C72DC41}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{93EA3BAD-EEFA-4FBC-ACB5-472030B88BB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{99BC93C8-32F5-4503-B48F-9BAD79985F2C}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"{9B955495-B9BF-4C07-97C9-41AF0B24A60F}" = dir=in | app=c:\windows\system32\lmabcoms.exe |
"{9E39FB90-9DC2-4128-9A6F-D92413686B30}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A069EB67-EC2F-4B8C-8150-C05347AE75E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A48DAFCF-C3B6-49FE-B3EF-8423322C134F}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{AB555186-74B6-467F-AFC2-C0D076E256D2}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{ACDE1488-87AD-462A-B092-518B86EE0A82}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{B5EAE3BD-4187-4EF6-AE7A-8C834B55963B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCDC3B11-2B58-4EFE-A19D-9900A27CA398}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{C5411234-FD79-4F07-BB96-7539753FF7C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C697FA02-EF61-4A1D-8CAE-073D9DE33F19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D3EEC4A8-9419-4A65-808E-42AE4B5197FB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D88A6B85-C8A8-4E63-8846-15B11C907FA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDCAF19C-B3FE-4000-B852-8DBA62E6B457}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE913019-A8E8-47B2-9934-D5716AE6A18F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF269529-CEA7-4BE0-9446-965923844368}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E1C530BB-394C-4314-A6ED-F42834FE7CA8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{142211B0-761F-419C-ABBA-1AF0B68B30F0}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1CF5D5EE-B230-47B5-8D7C-8B21606AF6FF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{9D3513DE-5DB1-4391-AB71-B91CC0F988C0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{F86DDF63-05BE-4983-A8F8-37C78D7B5D2D}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{2B9CA7F6-64A9-4346-9238-CDC3604A8D66}" = MAGIX Video deluxe 2013 Plus
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{3C48BC2C-D2A2-4881-AFF7-7D7EDB2C87EC}" = MAGIX Foto Manager MX Deluxe Update
"{3DCF00F5-04A5-4543-A088-705480811206}_is1" = Compiled Driver Disk (Samsung) 1.0
"{3DCF00F5-04A5-4543-A088-70548081120D}_is1" = Compiled Driver Disk (Apple) 1.0
"{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}" = MAGIX Slideshow Maker 2
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E6FF6CD-9CF3-4434-BB5D-24943FD54FFC}" = MAGIX Foto Manager MX Deluxe
"{6EBA183A-EFD3-4FF4-BC00-9A9B97EA7A10}" = MAGIX Speed burnR (MSI)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{759A91E8-0024-45F3-A8F3-CDC5E13B4425}_is1" = Compiled Driver Disk (Android) 1.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}" = SpyHunter
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7E72ECA-AE71-1865-FA8E-E6537C040C3C}" = ZoomEx
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1" = Phone Drivers Downloader 1.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}" = ExpressCache
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"Elantech" = ETDWare PS/2-X64 10.7.16.1_WHQL
"Lexmark_HostCD" = Lexmark Software deinstallieren
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Pen Tablet Driver" = Bamboo
"ProInst" = Intel PROSet Wireless
"VLC media player" = VLC media player 2.0.2
"ZoomEx" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{119B7882-19D7-4BE7-A417-29BB479D3ABE}" = Multimedia POP
"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A834332-A9EE-440C-9505-2D07F445F05A}" = MOBILedit! Support Libraries
"{1C92BD87-DC1B-4C4E-BFB4-2C79E88FA752}" = Jazz-Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1" = MOBILedit! ver. 6.9.0.2848
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53820F89-063F-10D7-7457-06C201F4CBF0}" =
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5D8EDA13-0DF8-49C7-B8D0-1EF16B29C2BC}" = Content Management Utility
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66C26636-3B68-4B60-B2CB-5CDB89E16DD7}" = Easy Phone Sync
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{833F99E1-D2A5-49EA-A71D-1D5924110708}_is1" = BC Manager 2.4.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{DAC580DB-6629-43B9-98DD-8BABA515B958}" = WISO Mein Geld 2013 Professional
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.0
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EDE7A262-DB20-4432-A630-2ACEE186C416}" = Easy Migration
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"AutocompletePro3_is1" = AutocompletePro
"Bamboo Dock" = Bamboo Dock
"Designer 2.0_is1" = Designer 2.0
"Directory Compare_is1" = Directory Compare
"DivX Setup" = DivX-Setup
"DramaQueen" = DramaQueen
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ERUNT_is1" = ERUNT 1.1j
"Everything" = Everything 1.2.1.371
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"FreeStyler_is1" = FreeStyler
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"LAME_is1" = LAME v3.99.3 (for Windows)
"MAGIX_{2B9CA7F6-64A9-4346-9238-CDC3604A8D66}" = MAGIX Video deluxe 2013 Plus
"MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}" = MAGIX Slideshow Maker 2
"MAGIX_{6E6FF6CD-9CF3-4434-BB5D-24943FD54FFC}" = MAGIX Foto Manager MX Deluxe
"MAGIX_{6EBA183A-EFD3-4FF4-BC00-9A9B97EA7A10}" = MAGIX Speed burnR (MSI)
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"Office14.SingleImage" = Microsoft Office Professional 2010
"Picasa 3" = Picasa 3
"SP_5dec30d7" =
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WashAndGo_is1" = WashAndGo
"Winamp" = Winamp
"WISO Mein Geld 2013 Professional" = WISO Mein Geld 2013 Professional
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Musique" = Musique
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wuala" = Wuala

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.01.2013 03:38:17 | Computer Name = disneykiller | Source = WinMgmt | ID = 10
Description =

Error - 18.01.2013 04:46:35 | Computer Name = disneykiller | Source = WinMgmt | ID = 10
Description =

Error - 18.01.2013 04:46:36 | Computer Name = disneykiller | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
13.0.3000.132, Zeitstempel: 0x50b779bd Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe,
Version: 13.0.3000.132, Zeitstempel: 0x50b779bd Ausnahmecode: 0xc0000005 Fehleroffset:
0x000000000001cbe6 ID des fehlerhaften Prozesses: 0x9b4 Startzeit der fehlerhaften
Anwendung: 0x01cdf5584c77e21f Pfad der fehlerhaften Anwendung: C:\Program Files
(x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe Berichtskennung:
90d54230-614b-11e2-9743-08002700ac0b

Error - 19.01.2013 04:36:04 | Computer Name = disneykiller | Source = WinMgmt | ID = 10
Description =

Error - 19.01.2013 08:16:33 | Computer Name = disneykiller | Source = WinMgmt | ID = 10
Description =

Error - 19.01.2013 08:38:52 | Computer Name = disneykiller | Source = WinMgmt | ID = 10
Description =

Error - 19.01.2013 18:37:44 | Computer Name = disneykiller | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: shlxthdl_x64.dll, Version:
3.6.1.2, Zeitstempel: 0x5034bc94 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001b1bf
ID
des fehlerhaften Prozesses: 0x1244 Startzeit der fehlerhaften Anwendung: 0x01cdf641f1c115ad
Pfad
der fehlerhaften Anwendung: C:\windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\LibreOffice 3.6\program\shlxthdl\shlxthdl_x64.dll Berichtskennung:
d6d4806b-6288-11e2-bc21-08002700ac0b

Error - 19.01.2013 18:39:35 | Computer Name = disneykiller | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: shlxthdl_x64.dll, Version:
3.6.1.2, Zeitstempel: 0x5034bc94 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001b1bf
ID
des fehlerhaften Prozesses: 0x1ac0 Startzeit der fehlerhaften Anwendung: 0x01cdf6959d040f05
Pfad
der fehlerhaften Anwendung: C:\windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\LibreOffice 3.6\program\shlxthdl\shlxthdl_x64.dll Berichtskennung:
18e90793-6289-11e2-bc21-08002700ac0b

Error - 19.01.2013 18:39:54 | Computer Name = disneykiller | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: shlxthdl_x64.dll, Version:
3.6.1.2, Zeitstempel: 0x5034bc94 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001b1bf
ID
des fehlerhaften Prozesses: 0x1e34 Startzeit der fehlerhaften Anwendung: 0x01cdf695df95b579
Pfad
der fehlerhaften Anwendung: C:\windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\LibreOffice 3.6\program\shlxthdl\shlxthdl_x64.dll Berichtskennung:
247852e6-6289-11e2-bc21-08002700ac0b

Error - 19.01.2013 18:41:58 | Computer Name = disneykiller | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: shlxthdl_x64.dll, Version:
3.6.1.2, Zeitstempel: 0x5034bc94 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001b1bf
ID
des fehlerhaften Prozesses: 0x226c Startzeit der fehlerhaften Anwendung: 0x01cdf695e9d6d5ce
Pfad
der fehlerhaften Anwendung: C:\windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\LibreOffice 3.6\program\shlxthdl\shlxthdl_x64.dll Berichtskennung:
6e260b7b-6289-11e2-bc21-08002700ac0b

[ Spybot - Search and Destroy Events ]
Error - 27.12.2012 11:08:11 | Computer Name = disneykiller | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 30.12.2012 09:57:23 | Computer Name = disneykiller | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 13.01.2013 06:50:34 | Computer Name = disneykiller | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 19.01.2013 04:35:56 | Computer Name = disneykiller | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DriverLINX Port I/O Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1275

Error - 19.01.2013 04:37:04 | Computer Name = disneykiller | Source = DCOM | ID = 10016
Description =

Error - 19.01.2013 08:16:21 | Computer Name = disneykiller | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\DLPortIO.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 19.01.2013 08:16:21 | Computer Name = disneykiller | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DriverLINX Port I/O Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1275

Error - 19.01.2013 08:17:33 | Computer Name = disneykiller | Source = DCOM | ID = 10016
Description =

Error - 19.01.2013 08:38:39 | Computer Name = disneykiller | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\DLPortIO.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 19.01.2013 08:38:39 | Computer Name = disneykiller | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DriverLINX Port I/O Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1275

Error - 19.01.2013 08:39:52 | Computer Name = disneykiller | Source = DCOM | ID = 10016
Description =

Error - 19.01.2013 08:42:12 | Computer Name = disneykiller | Source = DCOM | ID = 10010
Description =

Error - 19.01.2013 19:12:43 | Computer Name = disneykiller | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


< End of report >

oldman960
2013-01-20, 20:22
Hi disneykiller,

What do you know about Privitize VPN?


Please download AdwCleaner (http://general-changelog-team.fr/en/tools/15-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Right click on AdwCleaner.exe and click "Run as Administrator" to run the tool.
Click on Delete.
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply


http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg


Any better?

disneykiller
2013-01-21, 00:49
Hi, here's the Adwcleaner-log.

Privatize VPN seems to be a virtual private network. Google says it comes from piratebay?
Here's one answer I found:
"Hate to tell you this but "Privitize VPN" is Malware, your computer is INFECTED. Just by visiting the site, a Trojan is downloaded. From there, no telling what all else is installed.
Suggested removal tools:
Malwarebytes' Antimalware(FREE)"

I dont trust that. Is it on my pc? How can I get rid of it?

Don't know by now it its any better now. Browse to saves only comes up now and then. But I'm pretty excited. Thank you for your help!

oldman960
2013-01-21, 12:31
Hi disneykiller,

If you had to google it it's unlikely you knowingly installed it. It does seem to go hand in hand with some of the adware you had on your computer. We can take care of it.

Let's see what's left.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the box beside "scan all users"
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt, no Extras.Txt this time.

disneykiller
2013-01-21, 14:03
Here we go: part 1

OTL logfile created on: 21.01.2013 12:22:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,79 Gb Total Physical Memory | 5,72 Gb Available Physical Memory | 73,41% Memory free
15,57 Gb Paging File | 12,97 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108,05 Gb Total Space | 19,73 Gb Free Space | 18,26% Space Free | Partition Type: NTFS
Drive D: | 798,17 Gb Total Space | 511,66 Gb Free Space | 64,10% Space Free | Partition Type: NTFS
Drive E: | 7,39 Gb Total Space | 6,83 Gb Free Space | 92,32% Space Free | Partition Type: FAT32

Computer Name: DISNEYKILLER | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Martin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung Electronics CO., LTD.)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
PRC - C:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Everything\Everything.exe ()


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabDRS.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabscw.dll ()
MOD - C:\Program Files\Lexmark\Monitor\ACB\LMabcaps.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Everything\Everything.exe ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (WTabletServiceCon) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV:64bit: - (lmab_device) -- C:\Windows\SysNative\lmabcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (CronService) -- C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (lmab_device) -- C:\Windows\SysWOW64\lmabcoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DLPortIO) -- C:\windows\SysWow64\drivers\dlportio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5C74A4D5-B8EB-48D7-B3A7-A274701ED6D3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14&q={searchTerms}
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://startpage.com/"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bfbfbcf27-b313-47a9-987d-4e1e320afa25%7D:2.0
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.321
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.2
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@jazz-soft.com/JazzPlugin: C:\Program Files (x86)\Jazz-Soft\Jazz-Plugin\npJazz.dll (Jazz-Soft)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 12:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.11 17:32:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 01:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 01:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 21:34:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 01:20:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 01:20:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 21:34:47 | 000,000,000 | ---D | M]

[2012.09.16 10:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013.01.20 23:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions
[2013.01.11 08:42:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.17 12:09:09 | 000,000,000 | ---D | M] (Zoomex) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\50cf00df7b572@50cf00df7b5ab.com
[2013.01.09 10:21:49 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\firefox@ghostery.com
[2012.09.16 10:55:51 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\firejump@firejump.net
[2013.01.08 09:02:20 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\https-everywhere@eff.org
[2012.10.02 20:23:04 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\c49yuloy.default\extensions\support@predictad.com
[2013.01.19 13:13:25 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\client@anonymox.net.xpi
[2012.12.30 12:04:41 | 001,014,455 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\IDGARD@jetpack.xpi
[2013.01.16 10:46:16 | 000,389,447 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012.12.11 08:53:36 | 000,160,219 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\socialfixer@mattkruse.com.xpi
[2013.01.19 13:13:27 | 000,533,221 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.04 09:17:56 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013.01.11 08:42:30 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.26 17:32:10 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.01.16 10:46:20 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.04.26 17:31:50 | 000,021,692 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\extensions\{fbfbcf27-b313-47a9-987d-4e1e320afa25}.xpi
[2012.04.27 15:53:16 | 000,010,345 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\searchplugins\duckduckgo.xml
[2013.01.20 01:12:52 | 000,005,492 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\c49yuloy.default\searchplugins\startpage-https---deutsch.xml
[2013.01.20 01:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.11 17:32:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012.12.20 12:09:16 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2013.01.20 01:20:22 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.10.02 20:23:04 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
[2012.10.12 08:04:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 08:04:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 08:04:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 08:04:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 08:04:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 08:04:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4201702909-4008549763-78736917-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4201702909-4008549763-78736917-1001..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe ( )
O4 - HKU\S-1-5-21-4201702909-4008549763-78736917-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4201702909-4008549763-78736917-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\Martin\AppData\Roaming\Wuala\Wuala.exe (LaCie)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4201702909-4008549763-78736917-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E31218D-361B-4872-9F7F-D0C36B9F2B8A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D648904F-7844-46DB-9E63-BE91958D2678}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\spyhunter4.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wuala.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\spyhunter4.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\wuala.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.13 10:58:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90305345-000b-11e2-a4e7-c48508129624}\Shell - "" = AutoRun
O33 - MountPoints2\{90305345-000b-11e2-a4e7-c48508129624}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


to be continued...

disneykiller
2013-01-21, 14:05
and part two:


========== Files/Folders - Created Within 30 Days ==========

[2013.01.21 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Evernote
[2013.01.21 09:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2013.01.21 09:06:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2013.01.21 09:06:31 | 000,015,776 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wacomrouterfilter.sys
[2013.01.21 09:06:29 | 000,081,312 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wachidrouter.sys
[2013.01.21 09:06:29 | 000,013,728 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\hidkmdf.sys
[2013.01.20 01:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.19 09:52:44 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.01.19 09:52:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Wacom
[2013.01.19 09:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2013.01.19 09:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2013.01.19 09:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.19 09:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2013.01.19 09:49:38 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WTablet
[2013.01.19 09:49:37 | 001,974,656 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Pen_Touch_Tablet.dll
[2013.01.19 09:49:37 | 001,621,888 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Pen_Touch_Tablet.dll
[2013.01.19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2013.01.19 09:49:25 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wacommousefilter.sys
[2013.01.19 09:49:14 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\windows\SysNative\drivers\wacomvhid.sys
[2013.01.19 09:49:12 | 001,981,824 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Pen_Tablet.dll
[2013.01.19 09:49:12 | 001,844,096 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\Wintab32.dll
[2013.01.19 09:49:12 | 001,841,024 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysNative\WacomMT.dll
[2013.01.19 09:49:12 | 001,629,056 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Pen_Tablet.dll
[2013.01.19 09:49:12 | 001,510,272 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\Wintab32.dll
[2013.01.19 09:49:12 | 001,506,176 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\SysWow64\WacomMT.dll
[2013.01.19 09:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2013.01.16 08:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.15 10:37:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2013.01.15 10:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2013.01.13 13:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013.01.13 13:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013.01.13 10:58:29 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.13 10:58:28 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.13 10:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.13 10:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.01.12 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2013.01.12 10:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.01.12 10:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013.01.12 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Content Management Utility
[2013.01.11 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Sony Corporation
[2013.01.11 18:29:22 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2013.01.11 18:29:22 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2013.01.11 18:29:22 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2013.01.11 18:29:22 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2013.01.11 18:29:22 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2013.01.11 18:29:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2013.01.11 18:29:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2013.01.11 18:29:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2013.01.11 18:29:21 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2013.01.11 18:29:21 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2013.01.11 18:29:21 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2013.01.11 18:29:20 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2013.01.11 18:29:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2013.01.11 18:29:20 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2013.01.11 18:29:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2013.01.11 18:29:20 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2013.01.11 18:29:20 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2013.01.11 18:29:20 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2013.01.11 18:29:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2013.01.11 18:29:20 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2013.01.11 18:29:20 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2013.01.11 18:29:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2013.01.11 18:29:19 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2013.01.11 18:29:17 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2013.01.11 18:29:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2013.01.11 18:29:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2013.01.11 18:29:17 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2013.01.11 18:29:17 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2013.01.11 18:29:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2013.01.11 18:29:17 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2013.01.11 18:29:17 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2013.01.11 18:29:16 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2013.01.11 18:29:16 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2013.01.11 18:29:16 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2013.01.11 18:29:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2013.01.11 18:29:14 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2013.01.11 18:29:14 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2013.01.11 18:29:14 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2013.01.11 18:29:14 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2013.01.11 18:29:14 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2013.01.11 18:29:14 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2013.01.11 18:29:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2013.01.11 18:29:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2013.01.11 18:29:13 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2013.01.11 18:29:13 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2013.01.11 18:29:12 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2013.01.11 18:29:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2013.01.11 18:29:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2013.01.11 18:29:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2013.01.11 18:29:10 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2013.01.11 18:29:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2013.01.11 18:29:09 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2013.01.11 18:29:09 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2013.01.11 18:29:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2013.01.11 18:29:08 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2013.01.11 18:29:08 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2013.01.11 18:29:08 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2013.01.11 18:29:07 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2013.01.11 18:29:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2013.01.11 18:29:07 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2013.01.11 18:29:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2013.01.11 18:29:04 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2013.01.11 18:29:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2013.01.11 18:29:04 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2013.01.11 18:29:04 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2013.01.11 18:29:04 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2013.01.11 18:29:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2013.01.11 18:29:04 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2013.01.11 18:29:04 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2013.01.11 18:29:03 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2013.01.11 18:29:03 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2013.01.11 18:29:02 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2013.01.11 18:29:02 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2013.01.11 18:29:02 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2013.01.11 18:29:02 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2013.01.11 18:29:02 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2013.01.11 18:29:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2013.01.11 18:29:02 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2013.01.11 18:29:02 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2013.01.11 18:29:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2013.01.11 18:29:02 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2013.01.11 18:29:02 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2013.01.11 18:29:02 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2013.01.11 18:29:01 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2013.01.11 18:29:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2013.01.11 18:29:01 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2013.01.11 18:29:01 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2013.01.11 18:29:01 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2013.01.11 18:29:01 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2013.01.11 18:29:00 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2013.01.11 18:29:00 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2013.01.11 18:29:00 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2013.01.11 18:29:00 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2013.01.11 18:29:00 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2013.01.11 18:29:00 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2013.01.11 18:29:00 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2013.01.11 18:29:00 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2013.01.11 18:29:00 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2013.01.11 18:29:00 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2013.01.11 18:28:59 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2013.01.11 18:28:59 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2013.01.11 18:28:58 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2013.01.11 18:28:58 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2013.01.11 18:28:58 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2013.01.11 18:28:58 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2013.01.11 18:28:57 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll
[2013.01.11 18:28:57 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll
[2013.01.11 18:28:56 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2013.01.11 18:28:56 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2013.01.11 18:28:56 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2013.01.11 18:28:56 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2013.01.11 18:28:56 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2013.01.11 18:28:55 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2013.01.11 18:28:55 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2013.01.11 18:28:55 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2013.01.11 18:28:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2013.01.11 18:28:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2013.01.11 18:28:55 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2013.01.11 18:28:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2013.01.11 18:28:55 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2013.01.11 18:28:54 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2013.01.11 18:28:54 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2013.01.11 18:28:51 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2013.01.11 18:28:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2013.01.11 18:28:50 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2013.01.11 18:28:50 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2013.01.11 18:28:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2013.01.11 18:28:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2013.01.11 18:28:50 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2013.01.11 18:28:50 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2013.01.11 18:28:50 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2013.01.11 18:28:50 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2013.01.11 18:28:49 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2013.01.11 18:28:49 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2013.01.11 18:28:49 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2013.01.11 18:28:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2013.01.11 18:28:49 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2013.01.11 18:28:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2013.01.11 18:28:48 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2013.01.11 18:28:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2013.01.11 17:31:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DivX
[2013.01.11 17:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.01.11 17:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.01.11 17:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.01.11 17:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.01.11 17:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.01.11 17:26:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2013.01.11 17:26:23 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013.01.11 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013.01.11 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.01.11 17:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.01.11 17:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.01.11 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Winamp
[2013.01.11 17:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.01.10 18:59:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Flavio Tordini
[2013.01.10 18:58:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Musique
[2013.01.10 18:58:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Musique
[2013.01.10 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX_MusicEditor
[2013.01.10 13:52:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Xara
[2013.01.10 13:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2013.01.10 10:40:17 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2013.01.10 10:40:13 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2013.01.10 10:40:12 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2013.01.10 10:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.01.10 10:39:41 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2013.01.10 10:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.01.10 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.10 10:38:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.10 10:38:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.09 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX Downloads
[2013.01.09 23:06:30 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX
[2013.01.09 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\simplitec
[2013.01.09 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX
[2013.01.09 12:13:51 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2013.01.09 12:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.01.09 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2013.01.09 12:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec
[2013.01.09 12:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.01.09 12:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.01.09 12:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.09 09:03:29 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013.01.09 09:03:28 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013.01.09 09:03:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013.01.09 09:03:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013.01.09 09:03:15 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013.01.09 09:03:15 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013.01.09 09:03:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013.01.09 09:03:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013.01.09 09:03:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013.01.09 09:03:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013.01.09 09:03:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013.01.09 09:03:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013.01.09 09:03:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013.01.09 09:03:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013.01.09 09:03:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013.01.09 09:03:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013.01.09 09:03:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013.01.09 09:03:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013.01.09 09:03:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013.01.09 09:03:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013.01.09 09:03:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013.01.09 09:03:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013.01.09 09:03:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013.01.09 09:03:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013.01.09 09:03:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013.01.09 09:03:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013.01.09 09:03:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013.01.09 09:03:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013.01.09 09:03:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013.01.09 09:03:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013.01.09 09:03:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013.01.09 09:03:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013.01.09 09:02:56 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013.01.09 09:02:56 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013.01.09 09:02:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013.01.09 09:02:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013.01.09 09:02:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013.01.09 09:02:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.01.09 09:02:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.01.09 09:02:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013.01.09 09:02:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.01.09 09:02:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013.01.09 09:02:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.01.09 09:02:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 09:02:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 09:02:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 09:02:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 09:02:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 09:02:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.01.09 09:02:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013.01.08 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.08 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{35879EB4-B502-4EA8-A806-C52FBC551FE8}
[2013.01.04 00:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2013.01.04 00:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber
[2013.01.02 13:15:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Windows Live
[2013.01.02 13:14:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{9A8FCBE6-6F7C-4010-A61D-9C5C05AF89D3}
[2013.01.01 17:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012.12.30 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\shexview-x64
[2012.12.30 12:15:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\dwhelper
[2012.12.29 21:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
[2012.12.29 21:35:43 | 000,038,672 | ---- | C] (PCTV Systems S.à r.l.) -- C:\windows\SysWow64\pcleUtil.dll
[2012.12.29 21:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinTV
[2012.12.29 21:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Hauppauge
[2012.12.29 21:18:19 | 000,831,554 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwtvwnd.dll
[2012.12.29 21:18:19 | 000,323,640 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwpnp32.dll
[2012.12.29 21:18:19 | 000,118,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysWow64\hcwi2c32.dll
[2012.12.29 21:18:19 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\hcwutl32.dll
[2012.12.29 21:00:34 | 000,658,944 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw95bda.sys
[2012.12.29 21:00:34 | 000,019,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\hcw95rc.sys
[2012.12.29 21:00:34 | 000,019,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw95rc.sys
[2012.12.29 21:00:31 | 000,000,000 | ---D | C] -- C:\Hauppauge
[2012.12.29 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\.mediathek3
[2012.12.29 18:13:46 | 002,179,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71d.dll
[2012.12.29 18:13:46 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp71d.dll
[2012.12.29 18:13:46 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr71d.dll
[2012.12.29 18:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IviSDK
[2012.12.29 18:13:00 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.007
[2012.12.29 18:13:00 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSComCt2.ocx
[2012.12.29 18:13:00 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.003
[2012.12.29 18:13:00 | 000,204,800 | ---- | C] (Hauppauge Computer Works) -- C:\windows\SysWow64\Mdcustoms.ocx
[2012.12.29 18:13:00 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.004
[2012.12.29 18:13:00 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.005
[2012.12.29 18:13:00 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Msinet.ocx
[2012.12.29 18:13:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2012.12.29 18:13:00 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCAL.OCX
[2012.12.29 18:13:00 | 000,069,632 | ---- | C] (Hauppauge Computer Works ) -- C:\windows\SysWow64\3DES.dll
[2012.12.29 18:13:00 | 000,053,248 | ---- | C] (Hauppauge) -- C:\windows\SysWow64\MDCustomPanels.ocx
[2012.12.29 18:13:00 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.008
[2012.12.29 18:13:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.006
[2012.12.29 18:12:22 | 000,000,000 | ---D | C] -- C:\MyVideos
[2012.12.29 18:11:54 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.002
[2012.12.29 18:11:54 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.001
[2012.12.29 18:11:54 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.000
[2012.12.27 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\.VirtualBox
[2012.12.27 21:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.12.27 21:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.12.27 15:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.27 15:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.27 15:49:12 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012.12.27 15:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.12.25 09:27:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\redsn0w
[2012.12.22 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\dvdcss
[2012.09.18 20:05:47 | 000,409,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\rescue2usb.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.21 12:19:20 | 000,015,473 | ---- | M] () -- C:\Users\Martin\Desktop\WSfS-Arbeit.ods
[2013.01.21 12:06:02 | 000,000,029 | ---- | M] () -- C:\windows\SysWow64\TempWmicBatchFile.bat
[2013.01.21 11:41:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 11:27:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.21 10:33:27 | 000,198,876 | ---- | M] () -- C:\Users\Martin\Desktop\f---1083.pdf
[2013.01.21 10:33:16 | 000,067,963 | ---- | M] () -- C:\Users\Martin\Desktop\TI-3031_LP.pdf
[2013.01.21 09:20:58 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013.01.21 09:20:09 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 09:20:09 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 09:11:17 | 000,000,280 | ---- | M] () -- C:\windows\tasks\AbelssoftPreloader.job
[2013.01.21 09:11:13 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.01.21 09:10:45 | 4065,890,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.20 23:36:39 | 000,001,054 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.20 23:23:24 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.01.20 00:17:46 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto Manager MX Deluxe.lnk
[2013.01.20 00:06:55 | 001,507,170 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.20 00:06:55 | 000,657,676 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.20 00:06:55 | 000,618,912 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.20 00:06:55 | 000,131,016 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.20 00:06:55 | 000,107,232 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.19 23:07:59 | 000,045,083 | ---- | M] () -- C:\Users\Martin\Desktop\CA-Planung.ods
[2013.01.19 09:52:30 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013.01.19 09:35:53 | 000,677,816 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.18 14:39:36 | 000,053,381 | ---- | M] () -- C:\Users\Martin\Desktop\whoa.zip
[2013.01.16 08:36:32 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.15 17:22:30 | 000,021,573 | ---- | M] () -- C:\Users\Martin\Desktop\organigramm 11 2012.pdf
[2013.01.14 12:00:16 | 000,022,660 | ---- | M] () -- C:\Users\Martin\Desktop\Maja Muster.pdf
[2013.01.13 23:06:05 | 000,133,938 | ---- | M] () -- C:\Users\Martin\Desktop\wsfs-alt.jpg
[2013.01.13 22:43:41 | 000,143,547 | ---- | M] () -- C:\Users\Martin\Desktop\256026_473359232685334_1795865310_o.jpg
[2013.01.13 15:46:24 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.01.13 15:12:30 | 000,046,890 | ---- | M] () -- C:\Users\Martin\Desktop\magix.jpg
[2013.01.13 13:54:32 | 000,002,926 | ---- | M] () -- C:\Users\Martin\Desktop\attach.zip
[2013.01.13 13:42:53 | 000,350,559 | ---- | M] () -- C:\Users\Martin\Desktop\avast_antirootkit.jpg
[2013.01.13 13:16:18 | 000,000,865 | ---- | M] () -- C:\Users\Martin\Desktop\ERUNT.lnk
[2013.01.13 10:58:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.01.13 10:58:29 | 000,002,256 | ---- | M] () -- C:\Users\Martin\Desktop\SpyHunter.lnk
[2013.01.12 10:44:35 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\Content Management Utility.lnk
[2013.01.11 18:07:11 | 008,057,590 | ---- | M] () -- C:\Users\Martin\Desktop\Sony NEX-FS700EK.pdf
[2013.01.11 17:32:41 | 000,001,614 | ---- | M] () -- C:\Users\Martin\Desktop\DivX Movies.lnk
[2013.01.11 17:32:08 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.01.11 17:31:35 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.01.10 13:52:06 | 000,120,200 | ---- | M] () -- C:\windows\SysWow64\DLLDEV32i.dll
[2013.01.10 13:51:38 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Plus.lnk
[2013.01.10 10:40:08 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.10 09:41:48 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.01.10 09:41:48 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.09 12:13:46 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Slideshow Maker 2.lnk
[2013.01.04 00:37:09 | 000,000,486 | ---- | M] () -- C:\windows\cdplayer.ini
[2013.01.04 00:30:11 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2013.01.01 17:43:57 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.12.30 02:32:00 | 000,000,927 | ---- | M] () -- C:\Users\Martin\Desktop\MediathekView.exe - Verknüpfung.lnk
[2012.12.30 00:07:16 | 324,011,604 | ---- | M] () -- C:\Users\Martin\Rockpalast-Skunk_Anansie__Rocknacht_Special_2009_-rocknacht_special09_skunk_anansie.flv
[2012.12.29 23:55:51 | 680,228,746 | ---- | M] () -- C:\Users\Martin\Rockpalast-Me_First_&_The_Gimme_Gimmes__Area4_2012_-area4_12_me_first_n_the_gimme_gimmes_web_l.mp4.flv
[2012.12.29 23:48:37 | 740,226,961 | ---- | M] () -- C:\Users\Martin\Rockpalast-Red_Hot_Chili_Peppers__Rock_im_Pott_2012_-120924_rockpalast_chilli_peppers_web_l.mp4.flv
[2012.12.29 23:02:59 | 582,069,925 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda_-_ein_musikalischer_Heimatfilm__2012_-labrassbanda_ein_musikalischer_heimatfilm_web_l.mp4.flv
[2012.12.29 22:49:15 | 1375,369,246 | ---- | M] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Die_Ballade_von_Cenk_und_...-format354323.mp4.flv
[2012.12.29 21:41:57 | 130,667,052 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Reeperbahn_Festival_2010_-reeperbahn_festival10_labrassbanda.mp4.flv
[2012.12.29 21:37:04 | 000,001,082 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
[2012.12.29 21:37:04 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\WinTV 7.lnk
[2012.12.29 21:36:57 | 000,000,209 | ---- | M] () -- C:\windows\ODBCINST.INI
[2012.12.29 21:36:57 | 000,000,135 | ---- | M] () -- C:\windows\ODBC.INI
[2012.12.29 21:36:25 | 000,037,639 | ---- | M] () -- C:\windows\Irremote.ini
[2012.12.29 21:36:25 | 000,000,960 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
[2012.12.29 21:35:06 | 000,007,188 | ---- | M] () -- C:\windows\HCWPNP.INI
[2012.12.29 21:21:28 | 933,834,752 | ---- | M] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Kinderland__FSK___ab_20_Uhr_-format354248.mp4.flv
[2012.12.29 21:21:06 | 021,880,832 | ---- | M] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Haldern_Pop_2011_-haldern11_labrassbanda.mp4.flv
[2012.12.27 21:40:02 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.12.27 16:08:10 | 000,000,285 | ---- | M] () -- C:\windows\wininit.ini
[2012.12.27 15:49:16 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.24 13:09:16 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012.12.22 13:52:41 | 000,001,403 | ---- | M] () -- C:\Users\Martin\Desktop\Windows installieren.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.21 10:33:27 | 000,198,876 | ---- | C] () -- C:\Users\Martin\Desktop\f---1083.pdf
[2013.01.21 10:33:15 | 000,067,963 | ---- | C] () -- C:\Users\Martin\Desktop\TI-3031_LP.pdf
[2013.01.21 09:20:58 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013.01.19 09:52:30 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013.01.18 14:39:36 | 000,053,381 | ---- | C] () -- C:\Users\Martin\Desktop\whoa.zip
[2013.01.17 14:38:06 | 000,045,083 | ---- | C] () -- C:\Users\Martin\Desktop\CA-Planung.ods
[2013.01.16 08:36:32 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.15 17:22:30 | 000,021,573 | ---- | C] () -- C:\Users\Martin\Desktop\organigramm 11 2012.pdf
[2013.01.15 09:20:26 | 000,015,473 | ---- | C] () -- C:\Users\Martin\Desktop\WSfS-Arbeit.ods
[2013.01.14 12:00:17 | 000,022,660 | ---- | C] () -- C:\Users\Martin\Desktop\Maja Muster.pdf
[2013.01.13 22:58:14 | 000,133,938 | ---- | C] () -- C:\Users\Martin\Desktop\wsfs-alt.jpg
[2013.01.13 22:43:36 | 000,143,547 | ---- | C] () -- C:\Users\Martin\Desktop\256026_473359232685334_1795865310_o.jpg
[2013.01.13 15:12:25 | 000,046,890 | ---- | C] () -- C:\Users\Martin\Desktop\magix.jpg
[2013.01.13 13:54:32 | 000,002,926 | ---- | C] () -- C:\Users\Martin\Desktop\attach.zip
[2013.01.13 13:42:51 | 000,350,559 | ---- | C] () -- C:\Users\Martin\Desktop\avast_antirootkit.jpg
[2013.01.13 13:16:18 | 000,000,865 | ---- | C] () -- C:\Users\Martin\Desktop\ERUNT.lnk
[2013.01.13 10:58:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.01.13 10:58:32 | 000,022,704 | ---- | C] () -- C:\windows\SysNative\drivers\EsgScanner.sys
[2013.01.13 10:58:29 | 000,002,256 | ---- | C] () -- C:\Users\Martin\Desktop\SpyHunter.lnk
[2013.01.12 10:44:35 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\Content Management Utility.lnk
[2013.01.11 18:07:11 | 008,057,590 | ---- | C] () -- C:\Users\Martin\Desktop\Sony NEX-FS700EK.pdf
[2013.01.11 17:32:41 | 000,001,614 | ---- | C] () -- C:\Users\Martin\Desktop\DivX Movies.lnk
[2013.01.11 17:32:08 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.01.11 17:31:35 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.01.11 17:26:29 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.01.10 13:51:38 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Plus.lnk
[2013.01.10 10:40:08 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.10 10:40:07 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.09 12:15:23 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto Manager MX Deluxe.lnk
[2013.01.09 12:13:46 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Slideshow Maker 2.lnk
[2013.01.04 00:30:11 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2012.12.30 02:32:00 | 000,000,927 | ---- | C] () -- C:\Users\Martin\Desktop\MediathekView.exe - Verknüpfung.lnk
[2012.12.29 23:48:41 | 324,011,604 | ---- | C] () -- C:\Users\Martin\Rockpalast-Skunk_Anansie__Rocknacht_Special_2009_-rocknacht_special09_skunk_anansie.flv
[2012.12.29 23:03:03 | 680,228,746 | ---- | C] () -- C:\Users\Martin\Rockpalast-Me_First_&_The_Gimme_Gimmes__Area4_2012_-area4_12_me_first_n_the_gimme_gimmes_web_l.mp4.flv
[2012.12.29 22:49:19 | 740,226,961 | ---- | C] () -- C:\Users\Martin\Rockpalast-Red_Hot_Chili_Peppers__Rock_im_Pott_2012_-120924_rockpalast_chilli_peppers_web_l.mp4.flv
[2012.12.29 21:42:01 | 582,069,925 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda_-_ein_musikalischer_Heimatfilm__2012_-labrassbanda_ein_musikalischer_heimatfilm_web_l.mp4.flv
[2012.12.29 21:37:04 | 000,001,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
[2012.12.29 21:37:04 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\WinTV 7.lnk
[2012.12.29 21:36:25 | 000,000,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
[2012.12.29 21:35:40 | 000,142,337 | ---- | C] () -- C:\windows\SysWow64\Wait.exe
[2012.12.29 21:34:58 | 000,007,188 | ---- | C] () -- C:\windows\HCWPNP.INI
[2012.12.29 21:30:28 | 130,667,052 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Reeperbahn_Festival_2010_-reeperbahn_festival10_labrassbanda.mp4.flv
[2012.12.29 21:30:18 | 1375,369,246 | ---- | C] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Die_Ballade_von_Cenk_und_...-format354323.mp4.flv
[2012.12.29 21:18:59 | 021,880,832 | ---- | C] () -- C:\Users\Martin\Rockpalast-LaBrassBanda__Haldern_Pop_2011_-haldern11_labrassbanda.mp4.flv
[2012.12.29 20:40:59 | 933,834,752 | ---- | C] () -- C:\Users\Martin\Tatort-Wunsch-Tatort__Kinderland__FSK___ab_20_Uhr_-format354248.mp4.flv
[2012.12.29 18:13:46 | 000,149,504 | ---- | C] () -- C:\windows\SysWow64\UNWISE.EXE
[2012.12.29 18:13:11 | 000,037,639 | ---- | C] () -- C:\windows\Irremote.ini
[2012.12.29 18:13:00 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\dmcrypto.dll
[2012.12.29 18:12:22 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012.12.29 18:12:22 | 000,000,135 | ---- | C] () -- C:\windows\ODBC.INI
[2012.12.27 21:40:02 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.12.27 16:08:10 | 000,000,285 | ---- | C] () -- C:\windows\wininit.ini
[2012.12.27 15:49:16 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.27 15:49:16 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.22 13:52:41 | 000,001,403 | ---- | C] () -- C:\Users\Martin\Desktop\Windows installieren.lnk
[2012.11.26 00:30:01 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
[2012.11.26 00:27:28 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
[2012.11.08 08:25:03 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.10.13 14:34:22 | 000,340,480 | ---- | C] () -- C:\windows\SysWow64\K8062e.exe
[2012.10.13 14:34:22 | 000,322,048 | ---- | C] () -- C:\windows\SysWow64\Easylase.dll
[2012.10.13 14:34:22 | 000,301,056 | ---- | C] () -- C:\windows\SysWow64\usbdmxfs.dll
[2012.10.13 14:34:22 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\usb_dll.dll
[2012.10.13 14:34:22 | 000,084,992 | ---- | C] () -- C:\windows\SysWow64\DMX510Vb.dll
[2012.10.13 14:34:22 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\EspionDll.dll
[2012.10.13 14:34:22 | 000,042,496 | ---- | C] () -- C:\windows\SysWow64\K8062D.dll
[2012.10.13 14:34:22 | 000,037,888 | ---- | C] () -- C:\windows\SysWow64\LPT_dmx.dll
[2012.10.13 14:34:22 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\MPUSBAPI.DLL
[2012.10.13 14:34:22 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\usbdmxsi.dll
[2012.10.13 14:34:22 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FASTTime32.dll
[2012.10.13 14:34:22 | 000,003,584 | ---- | C] () -- C:\windows\SysWow64\drivers\dlportio.sys
[2012.10.13 14:34:21 | 000,077,824 | ---- | C] () -- C:\windows\SysWow64\dashardvb.dll
[2012.10.13 14:34:21 | 000,044,544 | ---- | C] () -- C:\windows\SysWow64\dmx60.dll
[2012.10.13 14:34:21 | 000,044,544 | ---- | C] () -- C:\windows\SysWow64\dmx120.dll
[2012.10.13 14:34:21 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\USB.dll
[2012.10.13 14:34:21 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\inpout32.dll
[2012.09.26 12:36:22 | 000,017,408 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2012.09.22 23:14:19 | 000,000,486 | ---- | C] () -- C:\windows\cdplayer.ini
[2012.09.18 20:05:48 | 000,028,160 | ---- | C] () -- C:\Program Files\syslinux.exe
[2012.09.18 20:05:48 | 000,000,237 | ---- | C] () -- C:\Program Files\syslinux.cfg
[2012.09.18 20:05:47 | 000,237,849 | ---- | C] () -- C:\Program Files\grub.exe
[2012.09.17 10:30:01 | 001,044,480 | ---- | C] ( ) -- C:\windows\SysWow64\lmabserv.dll
[2012.09.17 10:30:01 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcomc.dll
[2012.09.17 10:30:01 | 000,593,920 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcoms.exe
[2012.09.17 10:30:01 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lmabcomm.dll
[2012.09.17 10:30:01 | 000,356,352 | ---- | C] ( ) -- C:\windows\SysWow64\lmabhcp.dll
[2012.09.16 17:11:50 | 000,000,396 | ---- | C] () -- C:\windows\hbcikrnl.ini
[2012.09.16 17:11:46 | 000,167,936 | ---- | C] () -- C:\windows\SysWow64\SerialXP.dll
[2012.09.16 17:11:46 | 000,027,648 | ---- | C] () -- C:\windows\SysWow64\win32com.dll
[2012.09.16 08:23:56 | 002,469,760 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2012.09.16 08:23:56 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2012.09.16 08:23:56 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2012.09.16 08:23:56 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2012.09.16 08:23:56 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2012.05.10 21:17:42 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012.05.10 19:48:20 | 000,003,226 | ---- | C] () -- C:\windows\HotFixList.ini
[2012.02.06 05:42:56 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012.02.06 05:42:55 | 000,557,476 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012.02.06 05:42:53 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.02.06 05:42:52 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012.02.02 14:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2011.05.20 10:16:50 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.05.20 10:16:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.05.20 10:16:50 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.05.20 10:16:50 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

disneykiller
2013-01-21, 14:06
and this is the rest: (the last reply was 203 Charakters too long...)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.15 19:21:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Abelssoft
[2012.11.24 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Amazon
[2013.01.04 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Audacity
[2012.09.16 17:14:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Buhl Data Service
[2012.09.24 12:51:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Buhl Data Service GmbH
[2012.09.16 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DataDesign
[2013.01.21 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2012.11.12 00:02:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.12.16 16:11:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\fotobuch.de AG
[2012.09.16 17:42:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IrfanView
[2012.10.09 08:49:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Juan M. Aguirregabiria
[2012.09.16 16:39:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LibreOffice
[2013.01.10 13:54:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2012.11.07 11:42:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Mushroom Limited
[2012.12.09 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MOBILedit
[2013.01.04 02:44:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mp3tag
[2012.12.19 14:00:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PDF Writer
[2012.12.25 09:27:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\redsn0w
[2012.11.15 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Samsung
[2013.01.09 16:15:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\simplitec
[2013.01.12 12:02:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spotify
[2013.01.12 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2012.09.16 10:58:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird
[2013.01.11 10:15:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2013.01.19 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wacom
[2013.01.19 09:52:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.12.08 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wuala
[2012.11.12 09:58:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\XMedia Recode

========== Purity Check ==========



< End of report >


(now I feel pretty naked :))

disneykiller
2013-01-21, 18:48
as you can see it's still there.
the uninstall tells me to uninstall the add-on. But there is no such add-on...

oldman960
2013-01-22, 08:58
Hi disneykiller,

Next, double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
IE - HKU\S-1-5-21-4201702909-4008549763-78736917-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=c61aca2d-4839-11e2-8e56-e8039ab06a14&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Reboot the computer. Any better?

disneykiller
2013-01-22, 18:03
That looks pretty good! :) :bigthumb: No strange browse-to-save-hyperlinks where they used to appear (facebook, news-pages etc). Well, at least up to now.
Anything else I have to do?


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4201702909-4008549763-78736917-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "Privitize VPN" removed from browser.search.defaultengine
Prefs.js: "Privitize VPN" removed from browser.search.defaultenginename
Prefs.js: "Privitize VPN" removed from browser.search.order.1
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Martin
->Temp folder emptied: 25243902 bytes
->Temporary Internet Files folder emptied: 123481808 bytes
->Java cache emptied: 175236 bytes
->FireFox cache emptied: 459750403 bytes
->Flash cache emptied: 57620 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 190389 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84222 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 155708725 bytes

Total Files Cleaned = 729,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01222013_164308

Files\Folders moved on Reboot...
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\windows\temp\JET6057.tmp moved successfully.
C:\windows\temp\JETAD4E.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

disneykiller
2013-01-22, 20:16
:( :sad:

oldman960
2013-01-23, 06:10
Hi disneykiller,

Stubborn little cuss isn't it?

We may have to do this the hard way to find which extension is the problem.

Open fireFox
click FireFox in the top left corner
in the menu highlite Help
click restart with add-on disabled
FireFox will close and reopen. Do some usuall surfing and see if the add still appear.

disneykiller
2013-01-24, 19:28
Hmmm, couldn't do it your way. There's no FireFox in the top left corner and no option to start firefox without Add-ons (and it does not show me any installed add-ons - it says I have none). Anyway I managed to set up a second firefox-profile that starts without add-ons (WIN-k& r-key, firefox -p, new profile). In this simple firefox I didnt get any pop-ups til now. But if I have no add-ons on my default-firefox, they cant be the problem, right? :confused: Anyway I do have quite a few extensions, some plug-ins and a few scripts...

Please excuse my weird writing, I'm german – and I'm tired :)

oldman960
2013-01-26, 21:14
Hi disneykiller,

Try starting Firefox in Safe Mode by holding down the shift key while starting Firefox.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook_x64.exe)
Download Mirror #2 (http://jpshortstuff.247fixes.com/SystemLook_x64.exe)

Right click SystemLook.exe and click "Run as Administrator" to run it.
Copy the content of the following codebox into the main textfield
Do not copy the word CODE , please note the script starts with the :

:regfind
browse to save

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

disneykiller
2013-01-29, 09:38
SystemLook 30.07.11 by jpshortstuff
Log created at 08:30 on 29/01/2013 by Martin
Administrator - Elevation successful

========== regfind ==========

Searching for "browse to save"
No data found.

-= EOF =-


In the meantime I deinstalled firefox after making a mozbackup without extensions and then installed it again and restored it. It seemed to work but only for about a day, then these links appeared again.
I consider changing my browser to chrome or opera or whatever. Do you think bts is only nagging or is it a threat? Should I just ignore it and use a different browser?
Thank you for all the time you spend on my issue!!! :thanks:

oldman960
2013-02-01, 03:18
Hi disneykiller,

Sorry aboout the delay, been traveling.

Even though you backed up FF without extensions there may be something in your profile that is causing the problem.

Would you be willing to do a complete removal including your profile and preferences?

disneykiller
2013-02-01, 13:55
Seems I have no other choice. Will take some time though to note all the pws, favourites etc...
I'm gone til next friday and have no time to do all that before next weekend.
Will my thread still be there next weekend? Just so I can let you know that bts is still there... ;)

oldman960
2013-02-01, 19:15
Yes I'll leave this open for you. I'll post some instructions later that may make it easier to keep what you need.

disneykiller
2013-02-09, 11:09
Ok, I saved my passwords with passwordfox and started using roboform to keep my data independend from my browser in the future. I installed opera and red a few new articles regarding other users problems and solutions with browse to save. Strangely enough they seemed to get it fixed by searching their registry for "click to save" or "continue to save" and then deleting these entries.
I didnt find any entries in my registry... :(
I'll start entering my pws in roboform now and when I'm done delete firefox and my profile and start from scratch.
Any other suggestions? What do you thing about Roboform? Is there any better alternative?
Thank you again, greets,
disneykiller

disneykiller
2013-02-09, 15:28
Done. Deleted ff and did a new install. Now I'm testing it. Do you know what akamaihd.net is good for? It appeared on almost every page (seen it in noscript) and now it seems to be needed for facebook? On trojanerboard.de someone mentioned it in context with coupondropdown which seems to be very similar to browse to save / click to save. He found out that it appeared on alost every page since he installed an extension called FreeHDSport.TV. He uninstalled that extension and now akamaihd.net only appears on facebook.
Anyway, I have no FreeHDSport.TV extension.
FB doesn't seem to work without akamaidh.net. What happens if I allow it?

disneykiller
2013-02-09, 15:33
Did I mention that noscript found superfish and some other script called something like ...addcompanion or so on nearly every page? I didnt allow it though. Important?

oldman960
2013-02-09, 20:27
Hi disneykiller,


FB doesn't seem to work without akamaidh.net. What happens if I allow it? It seems that akamaidh.net is a content deliverer. Depending on your content settings in your FB profile allowing may be required for FB.Giving it temporary permission will allow you to access FB.


Did I mention that noscript found superfish and some other script called something like ...addcompanion or so on nearly every page? I didnt allow it though. Important?
That's one of the problems with FF extensions. Some are created by 3rd parties and can be bundled with almost anything. The above mentioned may not show up in your extension/addon list because they are actually inside another extension. What extensions have you added to the new FF?

Is browse to save still there?

disneykiller
2013-02-13, 13:59
Hi,
no bts-links so far.
These are my activated extensions:
2-click-like 2.0
Adblock plus 2.2.2
Better Privacy 1.2.8
Download Helper 4.9.13
HTTPS everywhere 3.1.3
IDGARD 4.0.019
Noscript 2.6.4.4
RoboForm lite 3.4.7
SocialFixer 7.501

I think I better wait a few days before I party. But up to now all seems well.
next issue: How do I prevent that from happening again. I still think it's strange that there is so little information and complaints regarding browse to save, click to save and so on. Where does it come from, why do I get no alerts from my antivirus, what to do to avoid an infection...
Thanks so far,
disneykiller

oldman960
2013-02-14, 23:45
Hi disneykiller,

I haven't seen anything bad reported about the addons you have. Since the problem seems to have , at least for now, try using the computer for a couple of days. If everything seems to be okay we'll clean up the tools we used.

The best way to prevent these is to be very carefful when installing something. Many 3rd party programs/applications come bundles with something else. Always read what the program is asking you to install besides the actual program. The extras are usually checked by default.

Post back and let me know how you are making out.

disneykiller
2013-02-18, 10:56
Hi oldman960,
everything seems to be okay so far.
So the conclusion is to delete your profile and addons and start from scratch if you want to get rid of bts (still not 100% sure, if its not hiding somewhere on my hdd). btw: roboform seems to do a good job, if you want to handle your logins,identities and pws. I have it on office-pc, notebook, android and it works just fine.
So how do we clean up now?

oldman960
2013-02-22, 23:31
Hi disneykiller,

Sorry abut not getting back to you sooner. It can become quite imbedded and as mentioned may actually be part of an other extension.


We'll clean up the tools now.

From your desktop, please delete, if present
any notepads/logs that we created
aswMBR.exe
mbr.zip
mbr.dat
DDS.scr
SystemLook.exe

Open AdwCleaner and click uninstall.

Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


Next

Create new a Restore Point

Click your Start button
In the Search box type create restore[/B
click on [B]Create a restore point
Click the System Protection tab
click Create
Give your restore point a name and click Create
Wait while Windows creates a system restore point for you


Remove old Restore Points

Click the Start button
In the search box, type Disk Cleanup
in the list of results, click Disk Cleanup
If prompted, select the drive that you want to clean up, and then click OK.
In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
If prompted, select the drive that you want to clean up, and then click OK.
Click the More Options tab
under System Restore and Shadow Copies, click Clean up.
In the Disk Cleanup dialog box, click Delete.
Click Delete Files, and then click OK.


Updates and upgrades

Your java is out of date. Click your start button > Control Panel
Use the drop down menu beside view by and change it to small icons
locate java (32bit) in the list and click on it
when the java console opens click the update tab
Click update now
Decline any additional installs that may be offered during the update.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now.

You can use Spybot to install a Custom Hosts file.
1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
2-Right-click an item in the list of immunizations and click "Deselect All."
3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
4-Click "Immunize" on the Spybot toolbar.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)

Please post back if you have any problems.

Take care

disneykiller
2013-02-25, 11:01
Done.
The mvps.org is very interesting and useful. Thank you for the hint.
Didn't know how powerful host-files are. Everything seems to work.
Since I need network discovery I edited the registry.
As proposed by whatthetech I installed secunia psi which seems to be a powerful tool - but: is there any way to prevent programs from rebooting your computer without asking / waiting til other programs are shut savely? My notebook all of a sudden shut down and I got a few error-messages after it rebooted. :(
Anyway, it seems all to be ok now.

Your help and patience was awesome. Thank you very, very much!
Although I'm not exactly rich I want to contribute to the great job you do. Where/how can I donate for your work?
:thanks:

oldman960
2013-02-26, 02:55
Hi disneykiller,

Most programs when they update will ask you somewhere along the way if you want to reboot now or later. At the very least you should have been imformed that a reboot may be part of the process. Which program rebooted your computer?

There is a donate button in the upper right hand corner of this page. :thanks: