Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Add box in left corner

Re: Add box in left corner

Post by Gary R » May 7th, 2012, 9:30 am

OK, let's try again ....

First

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK. You should now see the screen below ...

[Image]

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=100581&tt=110911_startpage
[2011.10.30 17:52:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

:Commands
[emptytemp]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Summary of the logs I need from you in your next post:
  • FRST.txt
  • Latest OTL fix log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Re: Add box in left corner

Post by samweb » May 7th, 2012, 12:45 pm

FRST log

Scan result of Farbar Recovery Scan Tool Version: 06-05-2012
Ran by SYSTEM at 07-05-2012 16:51:54
Running from J:\
Windows 7 Home Premium (X64) OS Language: German Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16327712 2009-06-26] (NVIDIA Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT [329632 2009-04-15] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [202296 2011-04-25] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [SSS12 HotKeys] "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe" [84480 2011-08-18] (Steganos Software GmbH)
HKLM-x32\...\Run: [SSS12 File Redirection Starter] "C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe" [17408 2011-08-18] (Steganos Software GmbH)
HKLM-x32\...\Run: [] [x]
HKU\Samuel 2\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler [210208 2008-09-26] (Acresso Corporation)
HKU\Samuel 2\...\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent [1756232 2011-05-13] (ManyCam LLC)
HKU\Samuel 2\...\Run: [Akamai NetSession Interface] "C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
HKU\Samuel 2\...\Run: [AdobeBridge] [x]
HKU\Samuel 2\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Samuel 2\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17151624 2012-02-29] (Skype Technologies S.A.)
HKU\Samuel 2\...\Run: [Spotify] "C:\Users\Samuel 2\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [9478320 2012-05-04] (Spotify Ltd)
HKU\Samuel 2\...\Run: [SSS12 Browser Monitor] "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe" [57344 2011-08-18] (Steganos Software GmbH)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) ======

2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [202296 2011-04-25] (Kaspersky Lab ZAO)
2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-04-15] (SEIKO EPSON CORPORATION)
2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [434176 2009-07-13] (Hauppauge Computer Works)
2 MouseWithoutBordersSvc; "C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe" [17920 2011-08-31] (Microsoft)
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [75592 2011-09-08] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 Steganos Volatile Disk; C:\Windows\SysWow64\STGRAMDiskHandler64.exe [450560 2010-07-08] (Softwareentwicklung Remus - ArchiCrypt)
2 TeamViewer5; "C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service [173352 2010-07-06] (TeamViewer GmbH)
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2666880 2012-03-19] (TeamViewer GmbH)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
2 Apache2.2; "c:\xampp\apache\bin\httpd.exe" -k runservice [x]
3 MemoryStatus; c:\servicetest.exe [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 mysql; c:\xampp\mysql\bin\mysqld.exe --defaults-file=c:\xampp\mysql\bin\my.ini mysql [x]
2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
2 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
3 WMZuneComm; "c:\Program Files\Zune\WMZuneComm.exe" [x]
3 ZuneNetworkSvc; "c:\Program Files\Zune\ZuneNss.exe" [x]
3 ZuneWlanCfgSvc; "c:\Program Files\Zune\ZuneWlanCfgSvc.exe" [x]

========================== Drivers (Whitelisted) =============

2 acedrv11; C:\Windows\System32\Drivers\acedrv11.sys [334344 2009-01-19] (Protect Software GmbH)
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [2769400 2009-07-17] (Broadcom Corporation)
3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [72648 2010-07-12] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85320 2010-07-12] (FTDI Ltd.)
3 hcw17bda; C:\Windows\System32\Drivers\hcw17bda.sys [61696 2009-06-29] (Hauppauge Computer Works, Inc.)
2 hwpsgt; C:\Windows\SysWow64\Drivers\hwpsgt.sys [137344 2010-11-22] ()
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [615728 2011-12-21] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
2 lemsgt; C:\Windows\SysWow64\Drivers\lemsgt.sys [9472 2010-11-22] ()
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam_x64.sys [27136 2008-03-13] (ManyCam LLC.)
2 npf; C:\Windows\System32\Drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
2 RMCAST; C:\Windows\System32\Drivers\RMCAST.sys [146432 2010-11-20] (Microsoft Corporation)
1 SLEE_17_DRIVER; \??\C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
1 STGMFEngine64; C:\Windows\System32\Drivers\STGMFEngine64.sys [28576 2010-09-03] (Softwareentwicklung Remus - ArchiCrypt.com)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-08-15] (Oracle Corporation)
1 vmm; C:\Windows\System32\Drivers\vmm.sys [295272 2010-09-01] (Microsoft Corporation)
3 connctfy; C:\Windows\System32\DRIVERS\connctfy.sys [x]
3 connctfyMP; C:\Windows\System32\DRIVERS\connctfy.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-07 15:43 - 2010-11-16 18:32 - 1388155 ____A C:\Users\Samuel 2\Downloads\FRST64.exe
2012-05-06 19:08 - 2012-05-04 19:23 - 0000000 ____D C:\_OTL
2012-05-06 19:07 - 2012-05-06 19:07 - 0191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-06 19:07 - 2012-05-06 19:07 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-06 19:07 - 2012-03-29 15:54 - 0000000 ____D C:\Program Files\Java
2012-05-06 19:07 - 2011-03-31 03:20 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-06 19:07 - 2010-10-04 16:54 - 0525600 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-06 19:07 - 2009-07-14 03:39 - 0544032 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-06 19:05 - 2012-04-16 19:48 - 17210144 ____A (Sun Microsystems, Inc.) C:\Users\Samuel 2\Downloads\jre-6u32-windows-x64.exe
2012-05-06 14:19 - 2012-05-05 17:29 - 0138236 ____A C:\TDSSKiller.2.7.34.0_06.05.2012_14.19.40_log.txt
2012-05-06 13:33 - 2011-02-16 18:33 - 0145592 ____A C:\Users\Samuel 2\Downloads\Extras.Txt
2012-05-06 13:32 - 2012-05-06 13:15 - 0153550 ____A C:\Users\Samuel 2\Downloads\OTL.Txt
2012-05-06 13:15 - 2011-09-17 19:54 - 0595456 ____A (OldTimer Tools) C:\Users\Samuel 2\Downloads\OTL.exe
2012-05-05 17:35 - 2012-03-11 00:02 - 0607260 ____R (Swearware) C:\Users\Samuel 2\Downloads\dds.scr
2012-05-05 17:28 - 2012-05-04 20:07 - 0143954 ____A C:\TDSSKiller.2.7.34.0_05.05.2012_17.28.29_log.txt
2012-05-04 23:07 - 2012-04-05 17:32 - 0002979 ____A C:\Users\Samuel 2\Desktop\HiJackThis.lnk
2012-05-04 20:02 - 2012-05-04 19:52 - 0284248 ____A C:\TDSSKiller.2.7.34.0_04.05.2012_20.02.22_log.txt
2012-05-04 19:52 - 2012-05-06 14:21 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-04 19:51 - 2012-05-07 00:01 - 0140500 ____A C:\TDSSKiller.2.7.34.0_04.05.2012_19.51.12_log.txt
2012-05-04 19:51 - 2011-06-29 14:01 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Samuel 2\Downloads\tdsskiller.exe
2012-05-04 19:48 - 2011-10-13 21:22 - 0000000 ____D C:\Users\Samuel 2\Desktop\RK_Quarantine
2012-05-04 19:48 - 2011-06-18 14:42 - 1412608 ____A C:\Users\Samuel 2\Downloads\RogueKiller.exe
2012-05-04 19:06 - 2010-06-06 16:22 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Malwarebytes
2012-05-04 19:06 - 2010-02-13 12:23 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-04 19:06 - 2010-02-13 12:23 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-05-04 19:06 - 2010-02-13 12:23 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-04 19:05 - 2011-08-14 11:47 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Samuel 2\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-04 18:58 - 2011-10-05 18:03 - 0000931 ____A C:\Users\Samuel 2\Desktop\xampp_control.exe - Verknüpfung.lnk
2012-05-03 21:59 - 2011-01-03 23:47 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\{24ACB722-ACF8-4ED2-9610-E49F281D8F1C}
2012-04-25 17:10 - 2012-04-25 17:10 - 0024105 ____A C:\Users\Samuel 2\Downloads\email_address_crawler_3-3-tb3.xpi
2012-04-25 16:41 - 2010-12-17 15:53 - 0000000 ____D C:\Users\Samuel 2\Downloads\email_address_crawler_3-3-tb
2012-04-25 16:40 - 2012-04-25 16:41 - 0023436 ____A C:\Users\Samuel 2\Downloads\email_address_crawler_3-3-tb.xpi
2012-04-25 16:33 - 2011-06-18 14:36 - 0036276 ____A C:\Users\Samuel 2\Downloads\addresscontext-0.8.1-tb.xpi
2012-04-25 13:39 - 2012-04-13 01:12 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-25 13:39 - 2012-04-13 01:12 - 0000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-04-25 13:39 - 2012-04-13 01:12 - 0000000 ____D C:\ProgramData\Mozilla
2012-04-25 13:39 - 2010-12-21 18:27 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-24 18:18 - 2012-03-24 22:57 - 0009398 ____A C:\Users\Samuel 2\Downloads\mystunde_intersum(1).sql
2012-04-24 15:57 - 2012-04-24 18:18 - 0009407 ____A C:\Users\Samuel 2\Downloads\mystunde_intersum.sql
2012-04-23 20:04 - 2012-02-16 16:52 - 0367944 ____A (Conduit) C:\Users\Samuel 2\Downloads\Brothersoftdownloader_for_MSSQL_MySQL_Converter.exe
2012-04-23 20:04 - 2010-11-16 18:35 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
2012-04-23 20:00 - 2011-12-24 22:30 - 0000896 ____A C:\Users\Public\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
2012-04-23 20:00 - 2011-12-24 22:30 - 0000896 ____A C:\Users\All Users\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
2012-04-23 19:59 - 2010-12-10 20:08 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Microsoft SQL Server Migration Assistant
2012-04-23 19:59 - 2009-12-02 18:00 - 0000000 ____D C:\Microsoft SQL Server Migration Assistant for MySQL
2012-04-22 18:50 - 2011-06-18 14:38 - 2328272 ____A (DRPU Software Pvt. Ltd.) C:\Users\Samuel 2\Downloads\mysql-to-mssql.exe
2012-04-22 18:50 - 2011-04-02 23:04 - 0000000 ____D C:\Program Files (x86)\DRPU Database Converter - MySQL to MS SQL (Demo)
2012-04-22 16:48 - 2012-02-07 19:19 - 0226694 ____A C:\Users\Samuel 2\Desktop\sogo-connector-10.0.1pre1.xpi
2012-04-22 16:13 - 2012-05-06 19:09 - 0047104 __ASH C:\Users\Samuel 2\AppData\Thumbs.db
2012-04-22 16:13 - - 0001160 ____A C:\Users\Samuel 2\AppData\AppData - Verknüpfung.lnk
2012-04-22 15:29 - 2011-01-22 11:50 - 8526615 ____A C:\Users\Samuel 2\Downloads\owncloud-1.0.0-setup.exe
2012-04-21 21:57 - 2010-06-28 16:28 - 0000000 ____D C:\Program Files (x86)\Microsoft WebMatrix
2012-04-21 19:51 - 2010-10-10 16:25 - 6360576 ____A C:\Users\Samuel 2\Downloads\httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
2012-04-21 19:17 - 2012-04-21 19:15 - 0001702 ____A C:\server.key
2012-04-21 19:17 - 2010-06-09 18:36 - 0001666 ____A C:\server.crt
2012-04-20 14:55 - 2012-04-23 20:00 - 0001055 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-20 14:55 - 2012-04-23 20:00 - 0001055 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-04-20 14:46 - - 0022523 ____A C:\Users\Samuel 2\Desktop\bookmarks-2012-04-20.json
2012-04-19 16:45 - 2012-03-01 17:07 - 0428031 ____A C:\Users\Samuel 2\Downloads\Vistaprint_Return_Address_Labels.zip
2012-04-18 15:54 - 2012-04-18 15:48 - 0859980 ____A C:\Users\Samuel 2\Desktop\Kuppelentwurf2.psd
2012-04-18 15:48 - 2011-06-18 14:52 - 0082612 ____A C:\Users\Samuel 2\Desktop\Kuppelentwurf.jpg
2012-04-16 19:54 - 2010-03-21 16:23 - 0953979 ____A C:\Users\Samuel 2\AppContest_Ausschreibung_neu (2).pdf
2012-04-16 19:47 - 2012-04-01 15:15 - 17205024 ____A (Sun Microsystems, Inc.) C:\Users\Samuel 2\Downloads\jre-6u31-windows-i586-s.exe
2012-04-15 16:16 - 2012-04-15 16:16 - 0270014 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_161439.png
2012-04-15 16:16 - 2012-04-15 16:16 - 0265421 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_161449.png
2012-04-15 16:16 - 2012-04-15 16:16 - 0262139 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_161459.png
2012-04-15 16:16 - 2012-04-15 00:50 - 0255742 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_161430.png
2012-04-15 00:50 - 2012-04-15 00:01 - 0277593 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_004820.png
2012-04-15 00:01 - 2012-04-14 23:59 - 0393351 ____A C:\Users\Samuel 2\Downloads\IMG_14042012_235941.png
2012-04-14 23:59 - 2012-04-14 23:59 - 0322243 ____A C:\Users\Samuel 2\Downloads\IMG_14042012_235806.png
2012-04-14 23:59 - 2012-04-07 00:35 - 0322243 ____A C:\Users\Samuel 2\Downloads\IMG_14042012_235747.png
2012-04-14 23:22 - 2012-04-13 22:06 - 0007834 ____A C:\Users\Samuel 2\Downloads\sw-event(3).sql
2012-04-14 23:22 - 2011-07-15 18:59 - 0001272 ____A C:\Users\Samuel 2\Downloads\anmeldungen.sql
2012-04-13 22:06 - 2012-04-12 15:30 - 0008393 ____A C:\Users\Samuel 2\Downloads\sw-event(2).sql
2012-04-13 18:38 - 2011-03-05 17:42 - 0000000 ____D C:\php
2012-04-13 01:11 - 2012-02-28 09:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-13 01:11 - 2012-02-28 08:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-13 01:11 - 2012-02-28 08:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-13 01:11 - 2012-02-28 08:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-13 01:11 - 2012-02-28 08:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-13 01:11 - 2012-02-28 03:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-13 01:11 - 2012-02-28 03:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-13 01:11 - 2012-02-28 03:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-13 01:11 - 2012-02-28 03:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-13 01:11 - 2012-02-28 03:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-13 01:11 - 2011-05-03 07:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-13 01:11 - 2011-05-03 06:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-13 01:11 - 2011-03-30 19:43 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-13 01:11 - 2011-03-30 19:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-13 01:11 - 2011-03-30 19:43 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-13 01:11 - 2011-03-30 19:43 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-13 01:11 - 2011-03-30 19:43 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-13 01:11 - 2011-03-30 19:43 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-13 01:11 - 2011-03-30 19:43 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-13 01:11 - 2011-03-30 19:43 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-13 01:11 - 2010-11-20 15:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-13 01:11 - 2010-11-20 14:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-13 01:11 - 2009-07-14 03:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-13 01:11 - 2009-07-14 03:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-13 01:11 - 2009-07-14 03:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-13 01:11 - 2009-07-14 03:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-13 01:10 - 2009-07-14 03:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-13 01:10 - 2009-07-14 03:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-13 01:10 - 2009-07-14 03:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-13 01:05 - 2010-09-23 01:36 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-13 01:05 - 2009-07-14 03:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-13 01:05 - 2009-07-14 03:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-13 01:05 - 2009-07-14 03:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-13 01:05 - 2009-07-14 03:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-13 01:05 - 2009-07-14 03:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-13 01:05 - 2009-07-14 03:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-12 22:54 - 2012-05-07 14:40 - 0025796 ____A C:\Users\Samuel 2\Downloads\facebook-MisterX539387023(1).zip
2012-04-12 20:25 - 2010-03-21 16:23 - 0000000 ____D C:\Users\Samuel 2\facebook
2012-04-12 20:23 - 2012-04-12 22:54 - 12091453 ____A C:\Users\Samuel 2\Downloads\facebook-MisterX539387023.zip
2012-04-12 15:30 - 2012-04-07 10:52 - 0006933 ____A C:\Users\Samuel 2\Downloads\sw-event(1).sql
2012-04-12 12:26 - 2012-04-14 23:22 - 0008174 ____A C:\Users\Samuel 2\Downloads\sw-event.sql
2012-04-11 23:00 - 2012-01-16 16:48 - 0272529 ____A C:\Users\Samuel 2\Downloads\Smarty-stable.zip
2012-04-11 17:36 - 2010-07-09 17:47 - 3560712 ____A (TeamViewer GmbH) C:\Users\Samuel 2\Downloads\TeamViewer_Setup_de(1).exe
2012-04-10 23:52 - 2012-03-29 15:56 - 0000929 ____A C:\Users\Public\Desktop\Zune.lnk
2012-04-10 23:52 - 2012-03-29 15:56 - 0000929 ____A C:\Users\All Users\Desktop\Zune.lnk
2012-04-09 14:15 - 2012-05-04 21:15 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-09 13:25 - - 0000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-09 13:24 - 2009-07-14 03:14 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-08 18:48 - 2011-11-08 21:54 - 5064532 ____A C:\Users\Samuel 2\Downloads\Scannen0005.pdf
2012-04-08 15:40 - 2011-11-26 23:12 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\Samuel 2\Downloads\jxpiinstall(2).exe
2012-04-07 13:20 - 2011-03-10 23:47 - 0663680 ____A (Softwareentwicklung Patric Remus -ArchiCrypt) C:\Users\Samuel 2\Downloads\abtde.exe
2012-04-07 12:01 - 2011-02-21 16:37 - 0001281 ____A C:\Windows\System32\Drivers\etc\hosts.new
2012-04-07 11:32 - 2012-02-11 17:25 - 0000000 ____D C:\Program Files (x86)\hijackthis
2012-04-07 11:30 - 2012-02-11 17:25 - 1402880 ____A C:\Users\Samuel 2\Downloads\HiJackThis.msi
2012-04-07 10:58 - 2011-09-19 18:10 - 0001113 ____A C:\Users\Public\Desktop\Privacy Suite Hauptmenü.lnk
2012-04-07 10:58 - 2011-09-19 18:10 - 0001113 ____A C:\Users\All Users\Desktop\Privacy Suite Hauptmenü.lnk
2012-04-07 10:57 - 2011-12-24 22:29 - 0000000 ____D C:\Program Files (x86)\Steganos Privacy Suite 12
2012-04-07 10:53 - 2012-03-16 23:45 - 40809168 ____A (Steganos Software GmbH) C:\Users\Samuel 2\Downloads\sss12int.exe
2012-04-07 10:53 - 2011-11-03 00:01 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Steganos
2012-04-07 10:52 - 2012-04-07 10:54 - 2447568 ____A (Steganos Software GmbH) C:\Users\Samuel 2\Downloads\sss12int_chip.exe
2012-04-07 00:35 - 2010-06-23 16:24 - 0298114 ____A C:\Users\Samuel 2\Downloads\IMG_07042012_003338.png


============ 3 Months Modified Files and Folders =============

2012-05-07 16:52 - 2012-05-07 16:51 - 0000000 ____D C:\FRST
2012-05-07 15:48 - 2011-01-21 22:24 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Skype
2012-05-07 15:48 - 2009-07-14 07:10 - 1149072 ____A C:\Windows\WindowsUpdate.log
2012-05-07 15:43 - 2012-05-07 15:43 - 1388155 ____A C:\Users\Samuel 2\Downloads\FRST64.exe
2012-05-07 15:41 - 2010-03-14 19:31 - 0001122 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1000UA.job
2012-05-07 15:25 - 2011-02-15 19:55 - 0001132 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
2012-05-07 15:15 - 2012-04-09 13:25 - 0000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-07 15:13 - 2012-03-16 23:45 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\Spotify
2012-05-07 15:11 - 2010-01-07 17:59 - 0001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-07 15:09 - 2009-12-07 20:44 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-05-07 15:09 - 2009-12-07 20:44 - 0000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-05-07 15:09 - 2009-12-07 20:44 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-05-07 14:58 - 2011-09-17 20:53 - 0000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
2012-05-07 14:40 - 2012-05-06 13:33 - 0145592 ____A C:\Users\Samuel 2\Downloads\Extras.Txt
2012-05-07 14:39 - 2012-05-06 13:32 - 0153550 ____A C:\Users\Samuel 2\Downloads\OTL.Txt
2012-05-07 14:38 - 2009-07-14 06:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-07 14:38 - 2009-07-14 06:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-07 14:33 - 2012-03-16 23:45 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Spotify
2012-05-07 14:30 - 2011-12-18 19:12 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Dropbox
2012-05-07 14:27 - 2011-02-09 14:55 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-05-07 14:27 - 2010-01-07 17:59 - 0001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-07 14:27 - 2009-12-02 17:49 - 3219787776 __ASH C:\hiberfil.sys
2012-05-07 14:27 - 2009-07-14 07:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-07 14:27 - 2009-07-14 06:51 - 0106314 ____A C:\Windows\setupact.log
2012-05-07 14:26 - 2009-12-02 17:49 - 0520768 ____A C:\Windows\PFRO.log
2012-05-07 14:24 - 2012-01-20 16:51 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\TempDIR
2012-05-07 14:24 - 2011-10-30 17:52 - 0000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-05-07 02:01 - 2010-03-22 20:52 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\Adobe
2012-05-06 20:59 - 2011-09-17 20:53 - 0000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
2012-05-06 20:41 - 2010-03-14 19:31 - 0001070 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1000Core.job
2012-05-06 20:19 - 2009-07-14 07:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-06 19:08 - 2012-05-06 19:08 - 0000000 ____D C:\_OTL
2012-05-06 19:07 - 2012-05-06 19:07 - 0544032 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-06 19:07 - 2012-05-06 19:07 - 0525600 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-06 19:07 - 2012-05-06 19:07 - 0191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-06 19:07 - 2012-05-06 19:07 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-06 19:07 - 2012-05-06 19:07 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-06 19:07 - 2012-05-06 19:07 - 0000000 ____D C:\Program Files\Java
2012-05-06 19:06 - 2012-05-06 19:05 - 17210144 ____A (Sun Microsystems, Inc.) C:\Users\Samuel 2\Downloads\jre-6u32-windows-x64.exe
2012-05-06 18:56 - 2011-09-10 16:25 - 0003254 ____A C:\Windows\Opera.ini
2012-05-06 16:33 - 2010-03-21 17:05 - 0000000 ____D C:\Users\Samuel 2\Hortus
2012-05-06 16:25 - 2011-02-15 19:55 - 0001080 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
2012-05-06 14:21 - 2012-05-06 14:19 - 0138236 ____A C:\TDSSKiller.2.7.34.0_06.05.2012_14.19.40_log.txt
2012-05-06 13:15 - 2012-05-06 13:15 - 0595456 ____A (OldTimer Tools) C:\Users\Samuel 2\Downloads\OTL.exe
2012-05-06 01:12 - 2010-06-22 16:45 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\FileZilla
2012-05-06 00:37 - 2010-01-23 13:06 - 0000000 ____D C:\Program Files (x86)\phase5
2012-05-05 23:46 - 2010-05-04 15:22 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\Paint.NET
2012-05-05 17:35 - 2012-05-05 17:35 - 0607260 ____R (Swearware) C:\Users\Samuel 2\Downloads\dds.scr
2012-05-05 17:29 - 2012-05-05 17:28 - 0143954 ____A C:\TDSSKiller.2.7.34.0_05.05.2012_17.28.29_log.txt
2012-05-04 23:07 - 2012-05-04 23:07 - 0002979 ____A C:\Users\Samuel 2\Desktop\HiJackThis.lnk
2012-05-04 21:25 - 2012-01-25 19:59 - 0000132 ____A C:\Users\Samuel 2\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-05-04 21:15 - 2012-04-09 14:15 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 21:15 - 2012-04-09 13:24 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 21:15 - 2011-05-17 17:25 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 20:11 - 2009-07-14 20:18 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-04 20:07 - 2012-05-04 20:02 - 0284248 ____A C:\TDSSKiller.2.7.34.0_04.05.2012_20.02.22_log.txt
2012-05-04 19:52 - 2012-05-04 19:52 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-04 19:52 - 2012-05-04 19:51 - 0140500 ____A C:\TDSSKiller.2.7.34.0_04.05.2012_19.51.12_log.txt
2012-05-04 19:52 - 2010-12-30 22:10 - 0007622 ____A C:\Users\Samuel 2\AppData\Local\resmon.resmoncfg
2012-05-04 19:51 - 2012-05-04 19:51 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Samuel 2\Downloads\tdsskiller.exe
2012-05-04 19:48 - 2012-05-04 19:48 - 1412608 ____A C:\Users\Samuel 2\Downloads\RogueKiller.exe
2012-05-04 19:48 - 2012-05-04 19:48 - 0000000 ____D C:\Users\Samuel 2\Desktop\RK_Quarantine
2012-05-04 19:23 - 2011-01-31 16:25 - 0000000 ____D C:\xampp
2012-05-04 19:06 - 2012-05-04 19:06 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Malwarebytes
2012-05-04 19:06 - 2012-05-04 19:06 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-04 19:06 - 2012-05-04 19:06 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-05-04 19:06 - 2012-05-04 19:06 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-04 19:05 - 2012-05-04 19:05 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Samuel 2\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-04 18:58 - 2012-05-04 18:58 - 0000931 ____A C:\Users\Samuel 2\Desktop\xampp_control.exe - Verknüpfung.lnk
2012-05-04 18:57 - 2011-09-17 19:17 - 0000000 ____D C:\Users\Samuel 2\Desktop\MouseWithoutBorders
2012-05-03 21:59 - 2012-05-03 21:59 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\{24ACB722-ACF8-4ED2-9610-E49F281D8F1C}
2012-05-03 14:59 - 2011-12-25 02:42 - 0002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-05-03 14:59 - 2011-12-25 02:42 - 0002028 ____A C:\Users\All Users\Desktop\Adobe Acrobat X Pro.lnk
2012-05-01 19:16 - 2011-11-02 01:44 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-04-25 17:10 - 2012-04-25 17:10 - 0024105 ____A C:\Users\Samuel 2\Downloads\email_address_crawler_3-3-tb3.xpi
2012-04-25 17:10 - 2012-04-25 16:40 - 0023436 ____A C:\Users\Samuel 2\Downloads\email_address_crawler_3-3-tb.xpi
2012-04-25 16:41 - 2012-04-25 16:41 - 0000000 ____D C:\Users\Samuel 2\Downloads\email_address_crawler_3-3-tb
2012-04-25 16:33 - 2012-04-25 16:33 - 0036276 ____A C:\Users\Samuel 2\Downloads\addresscontext-0.8.1-tb.xpi
2012-04-25 13:39 - 2012-04-25 13:39 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-25 13:39 - 2012-04-25 13:39 - 0000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-04-25 13:39 - 2012-04-25 13:39 - 0000000 ____D C:\ProgramData\Mozilla
2012-04-25 13:39 - 2012-04-25 13:39 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-25 13:38 - 2009-12-07 20:54 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-24 18:18 - 2012-04-24 18:18 - 0009398 ____A C:\Users\Samuel 2\Downloads\mystunde_intersum(1).sql
2012-04-24 15:57 - 2012-04-24 15:57 - 0009407 ____A C:\Users\Samuel 2\Downloads\mystunde_intersum.sql
2012-04-23 20:05 - 2012-04-23 20:04 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
2012-04-23 20:04 - 2012-04-23 20:04 - 0367944 ____A (Conduit) C:\Users\Samuel 2\Downloads\Brothersoftdownloader_for_MSSQL_MySQL_Converter.exe
2012-04-23 20:00 - 2012-04-23 20:00 - 0000896 ____A C:\Users\Public\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
2012-04-23 20:00 - 2012-04-23 20:00 - 0000896 ____A C:\Users\All Users\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
2012-04-23 20:00 - 2012-04-23 19:59 - 0000000 ____D C:\Microsoft SQL Server Migration Assistant for MySQL
2012-04-23 19:59 - 2012-04-23 19:59 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Microsoft SQL Server Migration Assistant
2012-04-22 18:50 - 2012-04-22 18:50 - 2328272 ____A (DRPU Software Pvt. Ltd.) C:\Users\Samuel 2\Downloads\mysql-to-mssql.exe
2012-04-22 18:50 - 2012-04-22 18:50 - 0000000 ____D C:\Program Files (x86)\DRPU Database Converter - MySQL to MS SQL (Demo)
2012-04-22 18:14 - 2011-09-19 13:28 - 0000000 ____D C:\Users\Samuel 2\Documents\My Web Sites
2012-04-22 18:06 - 2012-04-22 16:48 - 0226694 ____A C:\Users\Samuel 2\Desktop\sogo-connector-10.0.1pre1.xpi
2012-04-22 16:14 - 2012-04-22 16:13 - 0047104 __ASH C:\Users\Samuel 2\AppData\Thumbs.db
2012-04-22 16:13 - 2012-04-22 16:13 - 0001160 ____A C:\Users\Samuel 2\AppData\AppData - Verknüpfung.lnk
2012-04-22 15:34 - 2010-03-21 16:23 - 0000000 ___AD C:\users\Samuel 2
2012-04-22 15:29 - 2012-04-22 15:29 - 8526615 ____A C:\Users\Samuel 2\Downloads\owncloud-1.0.0-setup.exe
2012-04-21 21:58 - 2011-09-19 13:28 - 0000000 ____D C:\Users\Samuel 2\Documents\IISExpress
2012-04-21 21:57 - 2012-04-21 21:57 - 0000000 ____D C:\Program Files (x86)\Microsoft WebMatrix
2012-04-21 21:55 - 2011-09-19 13:14 - 0000000 ____D C:\Program Files (x86)\IIS Express
2012-04-21 21:54 - 2010-02-25 22:35 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-21 21:47 - 2011-10-08 18:56 - 0000000 ____D C:\Users\Samuel 2\.zenmap
2012-04-21 19:51 - 2012-04-21 19:51 - 6360576 ____A C:\Users\Samuel 2\Downloads\httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
2012-04-21 19:16 - 2012-04-21 19:17 - 0001702 ____A C:\server.key
2012-04-21 19:15 - 2012-04-21 19:17 - 0001666 ____A C:\server.crt
2012-04-20 14:55 - 2012-04-20 14:55 - 0001055 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-20 14:55 - 2012-04-20 14:55 - 0001055 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-04-20 14:55 - 2010-03-21 16:30 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Mozilla
2012-04-20 14:51 - 2010-07-29 19:45 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2
2012-04-20 14:46 - 2012-04-20 14:46 - 0022523 ____A C:\Users\Samuel 2\Desktop\bookmarks-2012-04-20.json
2012-04-19 16:45 - 2012-04-19 16:45 - 0428031 ____A C:\Users\Samuel 2\Downloads\Vistaprint_Return_Address_Labels.zip
2012-04-18 20:12 - 2012-01-08 13:27 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\Eclipse
2012-04-18 15:58 - 2012-04-18 15:54 - 0859980 ____A C:\Users\Samuel 2\Desktop\Kuppelentwurf2.psd
2012-04-18 15:48 - 2012-04-18 15:48 - 0082612 ____A C:\Users\Samuel 2\Desktop\Kuppelentwurf.jpg
2012-04-16 19:55 - 2010-03-26 13:34 - 0211968 __ASH C:\Users\Samuel 2\Thumbs.db
2012-04-16 19:54 - 2012-04-16 19:54 - 0953979 ____A C:\Users\Samuel 2\AppContest_Ausschreibung_neu (2).pdf
2012-04-16 19:48 - 2012-04-16 19:47 - 17205024 ____A (Sun Microsystems, Inc.) C:\Users\Samuel 2\Downloads\jre-6u31-windows-i586-s.exe
2012-04-16 19:48 - 2009-07-14 19:58 - 0767098 ____A C:\Windows\System32\perfh007.dat
2012-04-16 19:48 - 2009-07-14 19:58 - 0178116 ____A C:\Windows\System32\perfc007.dat
2012-04-16 19:48 - 2009-07-14 07:13 - 1794026 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-15 16:16 - 2012-04-15 16:16 - 0270014 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_161439.png
2012-04-15 16:16 - 2012-04-15 16:16 - 0265421 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_161449.png
2012-04-15 16:16 - 2012-04-15 16:16 - 0262139 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_161459.png
2012-04-15 16:16 - 2012-04-15 16:16 - 0255742 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_161430.png
2012-04-15 00:50 - 2012-04-15 00:50 - 0277593 ____A C:\Users\Samuel 2\Downloads\IMG_15042012_004820.png
2012-04-15 00:01 - 2012-04-15 00:01 - 0393351 ____A C:\Users\Samuel 2\Downloads\IMG_14042012_235941.png
2012-04-14 23:59 - 2012-04-14 23:59 - 0322243 ____A C:\Users\Samuel 2\Downloads\IMG_14042012_235806.png
2012-04-14 23:59 - 2012-04-14 23:59 - 0322243 ____A C:\Users\Samuel 2\Downloads\IMG_14042012_235747.png
2012-04-14 23:22 - 2012-04-14 23:22 - 0007834 ____A C:\Users\Samuel 2\Downloads\sw-event(3).sql
2012-04-14 23:22 - 2012-04-14 23:22 - 0001272 ____A C:\Users\Samuel 2\Downloads\anmeldungen.sql
2012-04-13 22:06 - 2012-04-13 22:06 - 0008393 ____A C:\Users\Samuel 2\Downloads\sw-event(2).sql
2012-04-13 18:38 - 2012-04-13 18:38 - 0000000 ____D C:\php
2012-04-13 01:12 - 2009-12-02 18:03 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-13 01:12 - 2009-12-02 18:03 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-04-13 01:12 - 2009-12-02 18:03 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-13 01:05 - 2009-12-07 19:41 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-12 22:57 - 2012-04-12 20:25 - 0000000 ____D C:\Users\Samuel 2\facebook
2012-04-12 22:54 - 2012-04-12 22:54 - 0025796 ____A C:\Users\Samuel 2\Downloads\facebook-MisterX539387023(1).zip
2012-04-12 20:24 - 2012-04-12 20:23 - 12091453 ____A C:\Users\Samuel 2\Downloads\facebook-MisterX539387023.zip
2012-04-12 15:30 - 2012-04-12 15:30 - 0006933 ____A C:\Users\Samuel 2\Downloads\sw-event(1).sql
2012-04-12 12:26 - 2012-04-12 12:26 - 0008174 ____A C:\Users\Samuel 2\Downloads\sw-event.sql
2012-04-11 23:00 - 2012-04-11 23:00 - 0272529 ____A C:\Users\Samuel 2\Downloads\Smarty-stable.zip
2012-04-11 17:39 - 2010-06-06 16:24 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\TeamViewer
2012-04-11 17:39 - 2010-01-08 20:56 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-04-11 17:36 - 2012-04-11 17:36 - 3560712 ____A (TeamViewer GmbH) C:\Users\Samuel 2\Downloads\TeamViewer_Setup_de(1).exe
2012-04-11 00:06 - 2011-02-09 14:55 - 0014157 ____A C:\Windows\System32\lvcoinst.log
2012-04-11 00:05 - 2011-02-09 14:52 - 0000000 ____D C:\Program Files\Common Files\LogiShrd
2012-04-10 23:55 - 2011-06-14 15:41 - 0000000 ____D C:\Program Files\Zune
2012-04-10 23:52 - 2012-04-10 23:52 - 0000929 ____A C:\Users\Public\Desktop\Zune.lnk
2012-04-10 23:52 - 2012-04-10 23:52 - 0000929 ____A C:\Users\All Users\Desktop\Zune.lnk
2012-04-10 19:09 - 2010-03-21 16:23 - 0000000 ____D C:\Users\Samuel 2\AppData\LocalLow
2012-04-08 18:50 - 2012-04-08 18:48 - 5064532 ____A C:\Users\Samuel 2\Downloads\Scannen0005.pdf
2012-04-08 15:44 - 2010-04-19 15:37 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-08 15:41 - 2012-04-08 15:40 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\Samuel 2\Downloads\jxpiinstall(2).exe
2012-04-08 09:21 - 2012-04-07 10:53 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Steganos
2012-04-07 13:20 - 2012-04-07 13:20 - 0663680 ____A (Softwareentwicklung Patric Remus -ArchiCrypt) C:\Users\Samuel 2\Downloads\abtde.exe
2012-04-07 12:06 - 2012-04-07 12:01 - 0001281 ____A C:\Windows\System32\Drivers\etc\hosts.new
2012-04-07 11:52 - 2011-11-10 17:04 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\Akamai
2012-04-07 11:32 - 2012-04-07 11:32 - 0000000 ____D C:\Program Files (x86)\hijackthis
2012-04-07 11:30 - 2012-04-07 11:30 - 1402880 ____A C:\Users\Samuel 2\Downloads\HiJackThis.msi
2012-04-07 10:58 - 2012-04-07 10:58 - 0001113 ____A C:\Users\Public\Desktop\Privacy Suite Hauptmenü.lnk
2012-04-07 10:58 - 2012-04-07 10:58 - 0001113 ____A C:\Users\All Users\Desktop\Privacy Suite Hauptmenü.lnk
2012-04-07 10:58 - 2012-04-07 10:57 - 0000000 ____D C:\Program Files (x86)\Steganos Privacy Suite 12
2012-04-07 10:54 - 2012-04-07 10:53 - 40809168 ____A (Steganos Software GmbH) C:\Users\Samuel 2\Downloads\sss12int.exe
2012-04-07 10:52 - 2012-04-07 10:52 - 2447568 ____A (Steganos Software GmbH) C:\Users\Samuel 2\Downloads\sss12int_chip.exe
2012-04-07 00:35 - 2012-04-07 00:35 - 0298114 ____A C:\Users\Samuel 2\Downloads\IMG_07042012_003338.png
2012-04-05 17:35 - 2012-04-05 17:32 - 0000000 ____D C:\Users\Samuel 2\.freemind
2012-04-05 17:32 - 2012-04-05 17:32 - 0001891 ____A C:\Users\Samuel 2\Desktop\FreeMind.lnk
2012-04-05 17:32 - 2012-04-05 17:32 - 0000000 ____D C:\Program Files (x86)\FreeMind
2012-04-05 17:31 - 2009-07-14 05:20 - 0000000 ___RD C:\users\Public
2012-04-05 14:55 - 2012-04-05 14:55 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\FreeHideIP
2012-04-05 14:55 - 2012-04-05 14:55 - 0000000 ____D C:\Users\All Users\FreeHideIP
2012-04-05 14:55 - 2012-04-05 14:55 - 0000000 ____D C:\Users\All Users\Application Data\FreeHideIP
2012-04-05 14:55 - 2012-04-05 14:55 - 0000000 ____D C:\ProgramData\FreeHideIP
2012-04-05 14:54 - 2012-04-05 14:54 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\APN
2012-04-05 14:53 - 2012-04-05 14:53 - 4872390 ____A C:\Users\Samuel 2\Downloads\FreeHideIP-3.7.8.8.Setup.exe
2012-04-04 00:44 - 2012-04-04 00:44 - 0639850 ____A C:\Users\Samuel 2\Downloads\jquery.fancybox-1.3.4(1).zip
2012-04-02 16:20 - 2010-03-21 16:24 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\VirtualStore
2012-04-02 16:17 - 2011-11-01 19:36 - 0000000 ____D C:\Users\Samuel 2\AppData\Local\Thunderbird
2012-04-01 15:25 - 2012-04-01 15:24 - 2708476 ____A C:\Users\Samuel 2\Downloads\memory.zip
2012-04-01 15:15 - 2012-04-01 15:15 - 0639850 ____A C:\Users\Samuel 2\Downloads\jquery.fancybox-1.3.4.zip
2012-04-01 15:15 - 2012-04-01 15:15 - 0000000 ____D C:\Users\Samuel 2\Downloads\jquery.fancybox-1.3.4
2012-04-01 15:04 - 2012-04-01 15:02 - 0000000 ____D C:\Users\Samuel 2\Downloads\fancyapps-fancyBox-v2.0.5-0-g4c90b7d
2012-04-01 15:01 - 2012-04-01 15:00 - 0444531 ____A C:\Users\Samuel 2\Downloads\fancyapps-fancyBox-v2.0.5-0-g4c90b7d.zip
2012-03-31 22:41 - 2010-03-21 17:11 - 0000000 ____D C:\Users\Samuel 2\Documents\Visual Studio 2008
2012-03-31 22:08 - 2012-03-31 22:07 - 0891437 ____A C:\Users\Samuel 2\Downloads\templavoila_1.6.1.t3x
2012-03-31 20:27 - 2012-03-31 20:27 - 41076919 ____A C:\Users\Samuel 2\Downloads\introductionpackage-4.6.7.zip
2012-03-31 16:25 - 2012-03-31 16:25 - 3525948 ____A C:\Users\Samuel 2\Downloads\drupal-7.12.zip
2012-03-31 00:33 - 2012-03-31 00:33 - 0044903 ____A C:\Users\Samuel 2\Downloads\function.tagcloud.php
2012-03-31 00:23 - 2009-07-14 04:34 - 0001401 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-03-30 22:52 - 2012-03-30 22:52 - 0483328 ____A (Simon Tatham) C:\Users\Samuel 2\Downloads\putty.exe
2012-03-30 13:49 - 2011-06-18 11:17 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-30 13:49 - 2010-03-21 16:32 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Adobe
2012-03-30 13:47 - 2009-12-02 18:15 - 0437490 ____A C:\Windows\DirectX.log
2012-03-30 13:39 - 2012-03-30 13:39 - 0000000 ____D C:\Users\Samuel 2\Downloads\edge_p5-1_install_win_031612
2012-03-30 13:38 - 2012-03-30 13:32 - 209403408 ____A C:\Users\Samuel 2\Downloads\edge_p5-1_install_win_031612.zip
2012-03-29 15:56 - 2012-03-29 15:56 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-03-29 15:56 - 2012-03-29 15:56 - 0002491 ____A C:\Users\All Users\Desktop\Safari.lnk
2012-03-29 15:56 - 2010-07-23 12:12 - 0000000 ____D C:\Program Files (x86)\Safari
2012-03-29 15:54 - 2012-03-29 15:54 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-29 15:54 - 2012-03-29 15:54 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-03-29 15:54 - 2012-03-29 15:53 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 15:54 - 2012-03-29 15:53 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 15:53 - 2012-03-29 15:53 - 0000000 ____D C:\Program Files\iPod
2012-03-29 15:53 - 2009-12-25 11:48 - 0000000 ____D C:\Users\All Users\Application Data\Apple Computer
2012-03-29 15:53 - 2009-12-25 11:48 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-03-29 15:53 - 2009-12-25 11:48 - 0000000 ____D C:\ProgramData\Apple Computer
2012-03-29 15:48 - 2012-03-29 15:48 - 1645263 ____A C:\Users\Samuel 2\Downloads\radioicon.zip
2012-03-26 13:29 - 2009-07-14 07:08 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-25 18:13 - 2012-03-25 18:13 - 0892679 ____A C:\Users\Samuel 2\Downloads\IMG_25032012_181244.png
2012-03-25 18:07 - 2012-03-25 18:06 - 0892994 ____A C:\Users\Samuel 2\Downloads\IMG_25032012_180554.png
2012-03-24 22:57 - 2012-03-24 20:38 - 10172528 ____A C:\Users\Samuel 2\Downloads\mystundenplan2.psd
2012-03-24 20:31 - 2012-03-24 20:31 - 0896583 ____A C:\Users\Samuel 2\Downloads\IMG_24032012_193055.png
2012-03-24 15:52 - 2011-09-19 18:11 - 0000000 ____D C:\Users\Samuel 2\.VirtualBox
2012-03-24 15:34 - 2010-03-21 17:09 - 0000000 ____D C:\Users\Samuel 2\Documents\TrackMania
2012-03-23 23:33 - 2012-03-23 23:33 - 0240640 ____A C:\Users\Samuel 2\Downloads\RssScreenSaver_b2.msi
2012-03-23 23:33 - 2012-03-23 23:33 - 0000000 ____D C:\Users\All Users\Windows Genuine Advantage
2012-03-23 23:33 - 2012-03-23 23:33 - 0000000 ____D C:\Users\All Users\Application Data\Windows Genuine Advantage
2012-03-23 23:33 - 2012-03-23 23:33 - 0000000 ____D C:\ProgramData\Windows Genuine Advantage
2012-03-23 23:32 - 2012-03-23 23:32 - 1528184 ____A (Microsoft Corporation) C:\Users\Samuel 2\Downloads\GenuineCheck.exe
2012-03-23 17:44 - 2012-03-23 17:44 - 0000418 ____A C:\Users\Samuel 2\Downloads\Lars CSS - Versuch.zip
2012-03-23 17:44 - 2012-03-23 17:44 - 0000000 ____D C:\Users\Samuel 2\Downloads\Lars CSS - Versuch
2012-03-23 13:48 - 2012-03-23 13:48 - 3930272 ____A (TeamViewer GmbH) C:\Users\Samuel 2\Downloads\TeamViewer_Setup_de.exe
2012-03-20 23:12 - 2012-03-20 23:12 - 1150007 ____A C:\Users\Samuel 2\Downloads\IMG_20032012_221120.png
2012-03-20 18:08 - 2012-03-20 18:08 - 17004400 ____A C:\Users\Samuel 2\Downloads\Apple-Lion-Login.psd_(1).zip
2012-03-17 19:48 - 2012-02-07 19:20 - 0000000 ____D C:\Users\Samuel 2\Downloads\log
2012-03-17 19:41 - 2012-03-17 19:41 - 28753767 ____A C:\Users\Samuel 2\Downloads\siedler.jar
2012-03-16 23:45 - 2012-03-16 23:45 - 0085272 ____A (Spotify Ltd) C:\Users\Samuel 2\Downloads\SpotifySetup.exe
2012-03-16 23:45 - 2012-03-16 23:45 - 0001826 ____A C:\Users\Samuel 2\Desktop\Spotify.lnk
2012-03-16 23:26 - 2012-03-16 23:26 - 0028717 ____A C:\Users\Samuel 2\Downloads\cykod-FlashWavRecorder-40b08a2.zip
2012-03-16 23:09 - 2012-03-16 23:09 - 0092596 ____A C:\Users\Samuel 2\Downloads\jRecorder.zip
2012-03-16 16:45 - 2012-03-16 16:45 - 3818115 ____A C:\Users\Samuel 2\Downloads\latein.zip
2012-03-16 16:45 - 2012-03-16 16:45 - 1475201 ____A C:\Users\Samuel 2\Downloads\physik.zip
2012-03-16 16:45 - 2012-03-16 16:45 - 1262573 ____A C:\Users\Samuel 2\Downloads\mathe.zip
2012-03-15 15:20 - 2009-07-14 06:45 - 4977216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-12 19:47 - 2012-03-12 19:47 - 0000132 ____A C:\Users\Samuel 2\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-03-12 19:37 - 2012-03-12 19:37 - 0000000 ____D C:\Program Files (x86)\Inno Setup 5
2012-03-11 20:34 - 2012-03-11 19:49 - 0013379 ____A C:\Users\Samuel 2\Documents\samweb-invent-datei test.xml
2012-03-11 14:10 - 2011-01-21 22:24 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-11 14:10 - 2011-01-21 22:24 - 0000000 ____D C:\Users\All Users\Skype
2012-03-11 14:10 - 2011-01-21 22:24 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2012-03-11 14:10 - 2011-01-21 22:24 - 0000000 ____D C:\ProgramData\Skype
2012-03-11 00:02 - 2012-03-11 00:02 - 0023094 ____A C:\Users\Samuel 2\Downloads\DatePicker-V0.99-2006.09.01.jar
2012-03-10 23:30 - 2012-03-10 23:30 - 0192151 ____A C:\Users\Samuel 2\Downloads\JDatePicker-1.3.2-dist.zip
2012-03-10 03:06 - 2012-03-10 03:05 - 0000000 ____D C:\Users\Samuel 2\Downloads\crawshaw-sqlitejdbc-60b5f5c
2012-03-10 03:05 - 2012-03-10 03:04 - 0178303 ____A C:\Users\Samuel 2\Downloads\crawshaw-sqlitejdbc-60b5f5c.zip
2012-03-09 17:18 - 2010-03-27 20:57 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Apple Computer
2012-03-08 18:36 - 2012-03-08 18:36 - 0130032 ____A C:\Users\Samuel 2\Downloads\jcalendar.jar
2012-03-08 17:02 - 2012-03-08 17:02 - 0000000 ____D C:\Users\Samuel 2\.m2
2012-03-08 16:03 - 2010-11-15 17:54 - 0001245 ____A C:\Windows\System32\mapisvc.inf
2012-03-06 22:53 - 2009-12-25 12:38 - 1774932 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-06 08:53 - 2012-04-13 01:10 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-06 07:59 - 2012-04-13 01:10 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-06 07:59 - 2012-04-13 01:10 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 16:49 - 2012-03-05 16:49 - 17004400 ____A C:\Users\Samuel 2\Downloads\Apple-Lion-Login.psd_.zip
2012-03-04 20:14 - 2012-03-04 20:14 - 0079763 ____A C:\Users\Samuel 2\Documents\test.pdf
2012-03-01 17:15 - 2012-03-01 17:13 - 50396450 ____A C:\Users\Samuel 2\Downloads\PhotoshopTemplates.zip
2012-03-01 17:13 - 2012-03-01 17:10 - 0000000 ____D C:\Users\Samuel 2\windows8
2012-03-01 17:12 - 2012-03-01 17:12 - 1177432 ____A (Microsoft Corporation) C:\Users\Samuel 2\Downloads\win8express_full.exe
2012-03-01 17:07 - 2012-03-01 17:03 - 92193072 ____A (Oracle Corporation) C:\Users\Samuel 2\Downloads\VirtualBox-4.1.8-75467-Win.exe
2012-03-01 08:46 - 2012-04-13 01:05 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 08:38 - 2012-04-13 01:05 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 08:33 - 2012-04-13 01:05 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 08:28 - 2012-04-13 01:05 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 07:37 - 2012-04-13 01:05 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 07:33 - 2012-04-13 01:05 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 07:29 - 2012-04-13 01:05 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 18:58 - 2012-02-29 18:58 - 0530376 ____A C:\Users\Samuel 2\Downloads\PartCopy_v1.11.2.4.zip
2012-02-29 18:45 - 2011-09-19 18:20 - 0000000 ____D C:\Users\Samuel 2\VirtualBox VMs
2012-02-29 17:55 - 2012-02-29 17:20 - 3575371776 ____A C:\Users\Samuel 2\Downloads\Windows8-ConsumerPreview-64bit-German.iso
2012-02-29 17:15 - 2012-02-29 17:14 - 5233720 ____A (Microsoft Corporation) C:\Users\Samuel 2\Downloads\Windows8-ConsumerPreview-setup.exe
2012-02-28 17:49 - 2012-02-28 17:49 - 0000000 ____D C:\Users\Samuel 2\willi
2012-02-28 09:34 - 2012-04-13 01:11 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 09:02 - 2012-04-13 01:11 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 08:56 - 2012-04-13 01:11 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 08:50 - 2012-04-13 01:11 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 08:49 - 2012-04-13 01:11 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 08:48 - 2012-04-13 01:11 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 08:48 - 2012-04-13 01:11 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 08:47 - 2012-04-13 01:11 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 08:45 - 2012-04-13 01:11 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 08:43 - 2012-04-13 01:11 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 08:43 - 2012-04-13 01:11 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 08:42 - 2012-04-13 01:11 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 08:39 - 2012-04-13 01:11 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 03:52 - 2012-04-13 01:11 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 03:27 - 2012-04-13 01:11 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 03:18 - 2012-04-13 01:11 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-28 03:12 - 2012-04-13 01:11 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 03:11 - 2012-04-13 01:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-28 03:11 - 2012-04-13 01:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 03:09 - 2012-04-13 01:11 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 03:08 - 2012-04-13 01:11 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 03:06 - 2012-04-13 01:11 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-28 03:04 - 2012-04-13 01:11 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 03:03 - 2012-04-13 01:11 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-28 03:03 - 2012-04-13 01:11 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 02:59 - 2012-04-13 01:11 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 15:47 - 2011-12-18 19:21 - 0001012 ____A C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-26 00:57 - 2011-11-03 00:01 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-02-23 10:18 - 2009-12-07 19:41 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 19:24 - 2012-02-22 19:24 - 0077786 ____A C:\Users\Samuel 2\Downloads\SWFUpload v2.2.0.1 Core.zip
2012-02-22 14:06 - 2012-02-22 14:06 - 0812906 ____A C:\Users\Samuel 2\Downloads\tinymce_3.4.8.zip
2012-02-21 17:07 - 2012-02-21 17:07 - 0661081 ____A C:\Users\Samuel 2\Downloads\tinymce_3.4.8_jquery.zip
2012-02-20 19:25 - 2012-02-20 19:25 - 0001560 ____A C:\Users\Samuel 2\Downloads\user.sql
2012-02-20 11:53 - 2012-02-20 11:53 - 0344656 ____A C:\Users\Samuel 2\Downloads\Floral_brushes_II_by_hawksmont.zip
2012-02-20 11:30 - 2012-02-20 11:30 - 0149915 ____A C:\Users\Samuel 2\Downloads\Florar_and_Enchanting_II_by_Coby17.rar
2012-02-20 11:27 - 2012-02-20 11:27 - 2261192 ____A C:\Users\Samuel 2\Downloads\ornaments1198172544.zip
2012-02-19 14:50 - 2012-02-19 14:50 - 0437129 ____A C:\Users\Samuel 2\Downloads\XENU.ZIP
2012-02-19 14:50 - 2012-02-19 14:50 - 0000957 ____A C:\Users\Test\Desktop\Xenu.lnk
2012-02-19 14:50 - 2012-02-19 14:50 - 0000957 ____A C:\Users\Gast\Desktop\Xenu.lnk
2012-02-19 14:50 - 2012-02-19 14:50 - 0000957 ____A C:\Users\Bernhard\Desktop\Xenu.lnk
2012-02-19 14:50 - 2012-02-19 14:50 - 0000957 ____A C:\Users\Annette\Desktop\Xenu.lnk
2012-02-19 14:50 - 2012-02-19 14:50 - 0000000 ____D C:\Program Files (x86)\Xenu
2012-02-18 23:11 - 2012-02-18 23:11 - 0033451 ____A C:\Users\Samuel 2\Downloads\228.psd_.zip
2012-02-18 23:09 - 2012-02-18 23:09 - 1606311 ____A C:\Users\Samuel 2\Downloads\Free_Post_it_Notes_by_Bobbyperux.zip
2012-02-18 21:09 - 2012-02-18 21:08 - 3393304 ____A C:\Users\Samuel 2\Downloads\lynx2.8.6.zip
2012-02-18 21:07 - 2012-02-18 21:07 - 3647863 ____A C:\Users\Samuel 2\Downloads\lynx2.8.7.zip
2012-02-18 12:33 - 2012-02-18 12:33 - 0341002 ____A C:\Users\Samuel 2\Downloads\simplehtmldom_1_5.zip
2012-02-17 23:18 - 2012-02-17 23:18 - 3493304 ____A C:\Users\Samuel 2\Downloads\Map-markers.zip
2012-02-17 23:09 - 2012-02-17 23:09 - 7960599 ____A C:\Users\Samuel 2\Downloads\world-globe-psd-icons.zip
2012-02-17 08:38 - 2012-03-14 20:36 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 07:34 - 2012-03-14 20:36 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-17 06:58 - 2012-03-14 20:36 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-17 06:57 - 2012-03-14 20:36 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 17:59 - 2012-02-16 17:59 - 0084649 ____A C:\Users\Samuel 2\Downloads\mystunde_main.sql
2012-02-16 16:52 - 2012-02-16 16:16 - 0567522 ____A C:\Users\Samuel 2\Downloads\brankic1979-icon-set.zip
2012-02-16 16:04 - 2011-06-14 15:43 - 0000000 ___RD C:\Users\Samuel 2\Podcasts
2012-02-16 16:04 - 2010-03-21 16:24 - 0000174 ___SH C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 23:33 - 2009-12-02 18:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 18:49 - 2012-02-15 18:44 - 0000132 ____A C:\Users\Samuel 2\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-02-13 13:33 - 2012-02-13 13:33 - 0318355 ____A C:\Users\Samuel 2\Downloads\DmitryBaranovskiy-raphael-v2.0.1-2-g2b0c5a2.zip
2012-02-12 19:50 - 2012-02-12 19:46 - 0000000 ____D C:\Users\Samuel 2\alphabetic-checker
2012-02-12 19:46 - 2012-02-12 19:46 - 0000171 ____A C:\Users\Samuel 2\.gitconfig
2012-02-12 00:45 - 2012-02-12 00:45 - 0500655 ____A C:\Users\Samuel 2\Downloads\15.psd_.zip
2012-02-12 00:42 - 2012-02-12 00:42 - 1623703 ____A C:\Users\Samuel 2\Downloads\13.psd_.zip
2012-02-12 00:42 - 2012-02-12 00:42 - 0000000 ____D C:\Users\Samuel 2\Downloads\13.psd_
2012-02-11 21:29 - 2012-02-10 21:59 - 0000000 ____D C:\SLMEV
2012-02-11 18:13 - 2012-02-11 18:13 - 0659416 ____A C:\Users\Samuel 2\Downloads\MySQLDumper1.24.4(1).zip
2012-02-11 17:25 - 2012-02-11 17:25 - 0860736 ____A C:\Users\Samuel 2\Downloads\hexedit602.zip
2012-02-11 17:25 - 2012-02-11 17:25 - 0000000 ____D C:\Program Files (x86)\Hex-Editor MX
2012-02-11 17:03 - 2011-09-12 17:53 - 0010835 ____A C:\Users\Samuel 2\Philipp.stundenplan
2012-02-11 17:01 - 2012-02-11 17:01 - 0000000 ____D C:\Users\Samuel 2\Documents\TagsRevisited
2012-02-11 17:00 - 2012-02-11 17:00 - 0000000 ____D C:\Program Files (x86)\Safer Networking
2012-02-11 15:36 - 2012-02-11 15:36 - 4333832 ____A (Safer Networking Limited ) C:\Users\Samuel 2\Downloads\filealyz-2.0.5.57.exe
2012-02-11 13:56 - 2012-02-11 13:56 - 0003271 ____A C:\Users\Samuel 2\Downloads\accesslog_mystundenplan.de_2_11_2012.gz
2012-02-11 02:48 - 2012-02-11 02:48 - 0659416 ____A C:\Users\Samuel 2\Downloads\MySQLDumper1.24.4.zip
2012-02-11 01:44 - 2012-02-11 01:44 - 0000053 ____A C:\Users\Samuel 2\Downloads\googleef61b21461d474ff(1).html
2012-02-10 22:04 - 2012-02-10 22:04 - 0000000 ____D C:\Users\Samuel 2\AppData\Roaming\PopSoft
2012-02-10 22:04 - 2012-02-10 22:04 - 0000000 ____D C:\Users\All Users\PopSoft
2012-02-10 22:04 - 2012-02-10 22:04 - 0000000 ____D C:\Users\All Users\Application Data\PopSoft
2012-02-10 22:04 - 2012-02-10 22:04 - 0000000 ____D C:\ProgramData\PopSoft
2012-02-10 22:04 - 2012-02-10 21:57 - 0000000 ____D C:\Program Files (x86)\DMXControl
2012-02-10 22:02 - 2010-12-25 17:05 - 0034738 ____A C:\Windows\DPINST.LOG
2012-02-10 22:01 - 2010-12-25 17:05 - 0000000 ____D C:\Program Files\DIFX
2012-02-10 21:56 - 2012-02-10 21:55 - 14275044 ____A C:\Users\Samuel 2\Downloads\DMXControl_2.11_Setup.exe
2012-02-10 21:02 - 2012-02-10 21:02 - 0002929 ____A C:\Users\Samuel 2\Downloads\backup.zip
2012-02-10 20:44 - 2012-02-10 20:44 - 0002201 ____A C:\Users\Samuel 2\Downloads\dropboxuploader-115.zip
2012-02-10 20:03 - 2012-02-10 20:03 - 0019189 ____A C:\Users\Samuel 2\Downloads\BenTheDesigner-Dropbox-a095d71.zip
2012-02-10 19:35 - 2012-02-10 19:35 - 5715671 ____A C:\Users\Samuel 2\Downloads\latest.zip
2012-02-10 08:36 - 2012-03-14 20:38 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 07:38 - 2012-03-14 20:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 22:15 - 2010-04-03 11:15 - 0000000 ____D C:\Program Files (x86)\Opera
2012-02-09 20:51 - 2012-02-09 20:51 - 24614896 ____A (Google Inc.) C:\Users\Samuel 2\Downloads\chrome_installer17.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 4094.18 MB
Available physical RAM: 3432.91 MB
Total Pagefile: 4092.32 MB
Available Pagefile: 3421.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:920.75 GB) (Free:346.69 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:10.69 GB) (Free:4.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: () (Removable) (Total:1.85 GB) (Free:1.19 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 931 GB 0 B
Datenträger 1 Kein Medium 0 B 0 B
Datenträger 2 Kein Medium 0 B 0 B
Datenträger 3 Kein Medium 0 B 0 B
Datenträger 4 Kein Medium 0 B 0 B
Datenträger 5 Online 1900 MB 0 B

Partitions of Disk 0:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 31 KB
Partition 2 Primär 10 GB 79 MB
Partition 3 Primär 920 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Typ : DE
Versteckt: Ja
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 78 MB Fehlerfre Versteck

======================================================================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 10 GB Fehlerfre

======================================================================================================

Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 920 GB Fehlerfre

======================================================================================================

Partitions of Disk 1:
===============

Auf diesem Datenträger sind keine Partitionen, die angezeigt werden können, vorhanden.

======================================================================================================

Partitions of Disk 2:
===============

Auf diesem Datenträger sind keine Partitionen, die angezeigt werden können, vorhanden.

======================================================================================================

Partitions of Disk 3:
===============

Auf diesem Datenträger sind keine Partitionen, die angezeigt werden können, vorhanden.

======================================================================================================

Partitions of Disk 4:
===============

Auf diesem Datenträger sind keine Partitionen, die angezeigt werden können, vorhanden.

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 1898 MB 1808 KB

======================================================================================================

Disk: 5
Partition 1
Typ : 06
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT Wechselmed 1898 MB Fehlerfre

======================================================================================================

==========================================================

Last Boot: 2012-05-01 20:46

======================= End Of Log ==========================
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Unread postby samweb » May 7th, 2012, 12:59 pm

OTL fix log

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3109684298-3459403227-3296056258-1013\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Annette
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Bernhard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ereignisprotokollese
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Samuel

User: Samuel 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 919292 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70386692 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 690 bytes

User: Test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158535 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 82562 bytes

Total Files Cleaned = 68,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 05072012_194809

Files\Folders moved on Reboot...
File\Folder C:\Users\Samuel 2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODWXRR2Q\index[1].htm not found!
File\Folder C:\Windows\temp\kls69D2.tmp not found!

Registry entries deleted on Reboot...

Re: Add box in left corner

Unread postby Gary R » May 7th, 2012, 5:43 pm

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Unlock: C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\drivers\etc\hosts

    • Save it to your USB flashdrive as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Boot into Recovery Environment

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your USB flashdrive.
  • Exit out of Recovery Environment and post me the log please.

Next

With your computer booted into normal mode

  • Click Start > Control Panel > Appearance and personalisation > Show hidden files and folders
  • Check the following items ...
    • Show hidden files, folders and drives
    • Hide protected operating system files (Recommended).
  • Click OK

Next we need to create a file.

  • Click Start then in the Search programs and files box type Notepad.exe hit Enter.
  • This will open a Notepad file.
  • Copy/Paste the contents of the box below into that file.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to hosts names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be seperated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 acme.com # x client host
#
127.0.0.1 localhost

  • Click on Format and ensure Wordwrap is unchecked.
  • Save as HOSTS.txt in this location. C:\Windows\System32\drivers\etc

Now we need to rename the file.

  • Go to C:\Windows\System32\drivers\etc
  • Right click on HOSTS.txt and select Rename.
  • Rename to HOSTS (no extension) and save.
  • You will get a prompt about changing file extension, please allow it.

Next

Run a new scan with OTL ....

Can you run a new scan for me with OTL .....

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce only one log this time.
    • OTL.txt (open on your desktop).
  • Please post me the log.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • Latest OTL.txt
  • Let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
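
After a reset like the one in the post above, the hosts file should hold no active entry other than the localhost line. The following Python sketch is an added example (not part of the thread and not code from FRST or OTL) that audits a hosts file for leftover or re-added entries; the function names and the tampered sample are constructed for illustration.

```python
import ipaddress
import sys

# Names that a clean hosts file may map to a loopback address.
DEFAULT_NAMES = {"localhost"}

# Excerpt of the default file from the post above (comments plus one entry).
CLEAN_HOSTS = """\
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 acme.com # x client host
#
127.0.0.1 localhost
"""

# Constructed sample of a tampered file (documentation IPs and example domains).
TAMPERED_HOSTS = "\n".join([
    "# constructed sample, not taken from the thread",
    "127.0.0.1 localhost",
    "::1 localhost",
    "192.0.2.10 www.example.com example.com # constructed redirect",
    "127.0.0.1 update.example.net",
    "0.0.0.0 ads.example.org",
    "not-an-ip portal.example.com",
])


def parse_hosts(text):
    """Yield (line_no, ip_text, names) for every active (non-comment) entry."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return a list of (line_no, kind, ip_text, names) for entries worth reviewing.

    kind is one of:
      redirect  - a name is pointed at a routable address
      blocked   - a non-default name is pointed at loopback or 0.0.0.0
      malformed - the address does not parse or no host name follows it
    """
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", ip_text, names))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Loopback is expected for localhost only; anything else is a sinkhole.
            suspects = [n for n in names if n.lower() not in DEFAULT_NAMES]
            kind = "blocked"
        else:
            # Any name resolved locally to a routable address bypasses DNS.
            suspects = names
            kind = "redirect"
        if suspects:
            findings.append((line_no, kind, ip_text, suspects))
    return findings


if __name__ == "__main__":
    # Default path is the one used in the thread; pass another path as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    with open(path, encoding="utf-8-sig", errors="replace") as handle:
        results = audit_hosts(handle.read())
    for line_no, kind, ip_text, names in results:
        print(f"line {line_no}: {kind}: {ip_text} -> {' '.join(names) or '(no name)'}")
    sys.exit(1 if results else 0)
```

Entries reported as blocked are not always hostile, since some security tools add them on purpose, so each finding is something to review rather than delete automatically.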

Re: Add box in left corner

Unread postby samweb » May 8th, 2012, 10:18 am

Here is the fixlog.txt, the other one is coming soon...

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 06-05-2012
Ran by SYSTEM at 2012-05-08 17:02:44 Run:1
Running from J:\

==============================================

permissions for C:\Windows\System32\drivers\etc\hosts restored successfully
C:\Windows\System32\drivers\etc\hosts moved successfully.

==== End of Fixlog ====

Re: Add box in left corner

Unread postby samweb » May 8th, 2012, 10:26 am

And here is the OTL log

OTL logfile created on: 08.05.2012 16:16:49 - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Samuel 2\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,20% Memory free
7,99 Gb Paging File | 5,26 Gb Available in Paging File | 65,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,75 Gb Total Space | 348,10 Gb Free Space | 37,81% Space Free | Partition Type: NTFS

Computer Name: SAMUELS-PC | User Name: Samuel 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.06 13:15:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Samuel 2\Downloads\OTL.exe
PRC - [2012.05.04 19:22:40 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Samuel 2\AppData\Roaming\Spotify\spotify.exe
PRC - [2012.04.25 13:38:31 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Samuel 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2011.08.18 13:32:12 | 000,084,480 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe
PRC - [2011.08.18 13:32:10 | 000,057,344 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe
PRC - [2011.08.18 13:26:34 | 000,017,408 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe
PRC - [2011.05.13 06:45:56 | 001,756,232 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2011.05.02 10:48:08 | 000,216,064 | ---- | M] (DDHelper) -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
PRC - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.03.01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.08.17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.07.16 08:29:44 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~2\WinTV\TVServer\CAPTUR~4.EXE
PRC - [2009.07.13 16:22:32 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
PRC - [2009.06.24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.15 19:16:44 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
PRC - [2008.12.18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.11.04 13:18:46 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe
PRC - [2008.09.26 10:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.04 21:15:23 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.05.04 19:22:40 | 020,101,120 | ---- | M] () -- C:\Users\Samuel 2\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012.04.25 13:38:28 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.02.16 16:05:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 16:04:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.10.13 19:46:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.13 06:46:02 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2011.05.13 06:46:00 | 000,123,976 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll
MOD - [2011.04.25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.03.30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009.06.18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.17 19:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.07.29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012.05.04 21:15:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.25 13:38:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.29 10:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 15:46:38 | 000,029,184 | ---- | M] () [On_Demand | Stopped] -- c:\servicetest.exe -- (MemoryStatus)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011.09.08 16:12:10 | 000,075,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011.08.31 17:34:02 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)
SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.08 12:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.08.17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.07.13 16:22:32 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE -- (HauppaugeTVServer)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.04.15 19:16:44 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2009.04.01 00:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2008.12.18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.21 18:42:10 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.08.15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.03 16:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010.09.01 22:54:40 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2010.07.12 14:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010.07.12 14:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.07 10:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009.07.17 19:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 19:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.29 17:04:56 | 000,061,696 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw17bda.sys -- (hcw17bda)
DRV:64bit: - [2009.06.27 01:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.11.22 19:16:32 | 000,137,344 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2010.11.22 19:16:32 | 000,009,472 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lemsgt.sys -- (lemsgt)
DRV - [2010.02.17 14:21:12 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3022EC30-BE01-40C9-819C-A490324CFA0F}
IE:64bit: - HKLM\..\SearchScopes\{3022EC30-BE01-40C9-819C-A490324CFA0F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {47A20817-C7C8-4F00-9472-675D993A0B01}
IE - HKLM\..\SearchScopes\{47A20817-C7C8-4F00-9472-675D993A0B01}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 79 D4 B4 21 9A CC 01 [binary data]
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes,DefaultScope = {47A20817-C7C8-4F00-9472-675D993A0B01}
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=711e51b0-7141-4717-b6c5-6abbfec3e135&apn_sauid=5CD5C783-5301-4871-8ADF-694208A5987F
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{47A20817-C7C8-4F00-9472-675D993A0B01}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.03.12 17:04:32 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.03.12 17:04:32 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Samuel 2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Samuel 2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Samuel 2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 8.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2011.10.27 20:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 8.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 14:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.09.16 17:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.05.03 14:59:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{09F060FA-566D-42D7-BF79-97AB30863433}: C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin [2012.04.07 10:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3 [2012.04.07 10:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 13:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.03 14:59:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.22 16:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 14:03:29 | 000,000,000 | ---D | M]

[2012.04.20 14:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel 2\AppData\Roaming\mozilla\Extensions
[2012.05.02 18:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel 2\AppData\Roaming\mozilla\Firefox\Profiles\kep8s61o.default\extensions
[2012.04.20 14:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.12.07 21:21:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.04.25 13:38:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://www.bigseekpro.com/search/toolba ... ickfigure/{DB9CECAF-E669-EB8A-080A-38E4A6A39D12}?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Microsoft Lync 2010 Attendee Meeting Join Plug-in (Enabled) = C:\Users\Samuel 2\AppData\Roaming\Mozilla\plugins\npMeetingJoinPluginAOCUser.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Samuel 2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Facebook Colour Changer = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam\1.3.1_0\
CHR - Extension: Google-Suche = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Pivot Stickfigure = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo\1.0.0\
CHR - Extension: Google Mail = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012.05.08 16:14:37 | 000,000,639 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O3 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SSS12 File Redirection Starter] C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SSS12 HotKeys] C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [Akamai NetSession Interface] C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [Spotify] C:\Users\Samuel 2\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [SSS12 Browser Monitor] C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe (Steganos Software GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ereignisprotokollese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Samuel 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F6F725C-584D-4E5C-AE21-C7EC5D37ABCC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.17 08:03:22 | 000,000,663 | ---- | M] () - E:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.07 16:51:48 | 000,000,000 | ---D | C] -- C:\FRST
[2012.05.06 19:08:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.06 19:07:45 | 000,544,032 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.05.06 19:07:45 | 000,525,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.06 19:07:44 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.05.06 19:07:44 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.05.06 19:07:44 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.05.06 19:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.04 19:52:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.05.04 19:48:11 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\Desktop\RK_Quarantine
[2012.05.04 19:06:37 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Malwarebytes
[2012.05.04 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 21:59:21 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Local\{24ACB722-ACF8-4ED2-9610-E49F281D8F1C}
[2012.04.25 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.25 13:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.23 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
[2012.04.23 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\Documents\Downloads
[2012.04.23 20:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server Migration Assistant for MySQL
[2012.04.23 19:59:59 | 000,000,000 | ---D | C] -- C:\Microsoft SQL Server Migration Assistant for MySQL
[2012.04.23 19:59:59 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Microsoft SQL Server Migration Assistant
[2012.04.22 18:50:30 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DRPU Database Converter - MySQL to MS SQL (Demo)
[2012.04.22 18:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DRPU Database Converter - MySQL to MS SQL (Demo)
[2012.04.21 21:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
[2012.04.21 21:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WebMatrix
[2012.04.13 18:38:10 | 000,000,000 | ---D | C] -- C:\php
[2012.04.13 01:11:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.13 01:11:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.13 01:11:26 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.13 01:11:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.13 01:11:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.13 01:11:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.13 01:11:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.13 01:11:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.13 01:11:25 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.13 01:11:25 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.13 01:11:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.13 01:10:41 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.13 01:10:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.13 01:10:40 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.13 01:05:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.13 01:05:08 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.13 01:05:05 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.12 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\facebook
[2012.04.10 23:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012.04.09 14:15:11 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.09 13:24:06 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012.05.08 17:03:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.08 17:03:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.05.08 17:03:39 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.08 16:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.08 16:14:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 16:14:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 16:14:37 | 000,000,639 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2012.05.08 16:11:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.08 16:11:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.08 15:41:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1000UA.job
[2012.05.07 21:25:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.05.07 20:58:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.05.07 20:58:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.07 20:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1000Core.job
[2012.05.06 19:07:32 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.05.06 19:07:32 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.05.06 19:07:31 | 000,544,032 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.05.06 19:07:31 | 000,525,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.06 19:07:31 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.05.06 18:56:51 | 000,003,254 | ---- | M] () -- C:\Windows\Opera.ini
[2012.05.06 16:25:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.04 23:07:38 | 000,002,979 | ---- | M] () -- C:\Users\Samuel 2\Desktop\HiJackThis.lnk
[2012.05.04 21:25:24 | 000,000,132 | ---- | M] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.05.04 21:15:23 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 21:15:23 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.04 21:15:16 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.04 19:52:16 | 000,007,622 | ---- | M] () -- C:\Users\Samuel 2\AppData\Local\resmon.resmoncfg
[2012.05.04 18:58:01 | 000,000,931 | ---- | M] () -- C:\Users\Samuel 2\Desktop\xampp_control.exe - Verknüpfung.lnk
[2012.05.03 14:59:52 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.04.23 20:00:01 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
[2012.04.22 18:06:20 | 000,226,694 | ---- | M] () -- C:\Users\Samuel 2\Desktop\sogo-connector-10.0.1pre1.xpi
[2012.04.21 19:16:00 | 000,001,702 | ---- | M] () -- C:\server.key
[2012.04.21 19:15:10 | 000,001,666 | ---- | M] () -- C:\server.crt
[2012.04.20 14:55:07 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 14:46:31 | 000,022,523 | ---- | M] () -- C:\Users\Samuel 2\Desktop\bookmarks-2012-04-20.json
[2012.04.18 15:58:35 | 000,859,980 | ---- | M] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf2.psd
[2012.04.18 15:48:17 | 000,082,612 | ---- | M] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf.jpg
[2012.04.16 19:54:46 | 000,953,979 | ---- | M] () -- C:\Users\Samuel 2\AppContest_Ausschreibung_neu (2).pdf
[2012.04.16 19:48:50 | 001,794,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.16 19:48:50 | 000,767,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.16 19:48:50 | 000,709,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.16 19:48:50 | 000,178,116 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.16 19:48:50 | 000,144,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.10 23:52:36 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk

========== Files Created - No Company Name ==========

[2012.05.04 23:07:38 | 000,002,979 | ---- | C] () -- C:\Users\Samuel 2\Desktop\HiJackThis.lnk
[2012.05.04 18:58:01 | 000,000,931 | ---- | C] () -- C:\Users\Samuel 2\Desktop\xampp_control.exe - Verknüpfung.lnk
[2012.04.23 20:00:01 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
[2012.04.22 16:48:54 | 000,226,694 | ---- | C] () -- C:\Users\Samuel 2\Desktop\sogo-connector-10.0.1pre1.xpi
[2012.04.21 19:17:39 | 000,001,666 | ---- | C] () -- C:\server.crt
[2012.04.21 19:17:11 | 000,001,702 | ---- | C] () -- C:\server.key
[2012.04.20 14:55:07 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.20 14:55:07 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 14:46:30 | 000,022,523 | ---- | C] () -- C:\Users\Samuel 2\Desktop\bookmarks-2012-04-20.json
[2012.04.18 15:54:13 | 000,859,980 | ---- | C] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf2.psd
[2012.04.18 15:48:17 | 000,082,612 | ---- | C] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf.jpg
[2012.04.16 19:54:46 | 000,953,979 | ---- | C] () -- C:\Users\Samuel 2\AppContest_Ausschreibung_neu (2).pdf
[2012.04.11 17:39:05 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.10 23:52:36 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.09 13:25:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.12 19:47:11 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.02.15 18:44:46 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.01.25 19:59:12 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.12.21 18:46:18 | 000,017,408 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\WebpageIcons.db
[2011.11.18 18:17:51 | 000,001,456 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.10.30 17:55:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.09.10 16:25:53 | 000,003,254 | ---- | C] () -- C:\Windows\Opera.ini
[2011.08.14 12:12:51 | 000,000,173 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\msmathematics.qat.Samuel 2
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011.01.21 22:26:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.30 22:10:29 | 000,007,622 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\resmon.resmoncfg
[2010.12.29 16:08:46 | 000,315,392 | ---- | C] () -- C:\Windows\autobuildnumber.exe
[2010.12.17 16:15:57 | 000,000,096 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\fusioncache.dat
[2010.12.08 18:26:36 | 000,000,600 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\winscp.rnd
[2010.11.26 23:12:28 | 000,000,600 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\PUTTY.RND
[2010.11.22 19:16:32 | 000,137,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\hwpsgt.sys
[2010.11.22 19:16:32 | 000,009,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\lemsgt.sys
[2010.11.02 11:59:12 | 000,981,059 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.02 11:59:12 | 000,009,332 | ---- | C] () -- C:\Windows\unins000.dat
[2010.09.13 17:42:36 | 000,002,913 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\Temppenciltemp.png
[2010.07.30 18:36:18 | 000,006,656 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.26 19:01:54 | 000,020,179 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\UserTile.png
[2010.07.10 14:50:11 | 000,000,075 | RHS- | C] () -- C:\Windows\ICLET30.BIN
[2010.06.30 16:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\~QUIZ
[2010.06.09 18:36:49 | 000,001,463 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\RecConfig.xml
[2010.06.08 13:59:36 | 000,179,179 | ---- | C] () -- C:\Windows\hphins15.dat
[2010.06.08 13:59:36 | 000,002,011 | ---- | C] () -- C:\Windows\hphmdl15.dat

========== LOP Check ==========

[2010.12.25 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Arduino
[2010.11.22 19:18:01 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Ascaron Entertainment
[2011.11.18 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Bitcoin
[2010.10.06 17:17:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Blender Foundation
[2011.12.12 19:37:03 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\CBL-Electronics
[2011.11.11 16:33:39 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.30 18:12:36 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Cocoon Software
[2011.11.04 00:09:08 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011.11.26 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.11.02 20:16:41 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.02 23:02:42 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\DarkWave Studio
[2011.11.05 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Dev-Cpp
[2012.05.08 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Dropbox
[2010.05.21 12:40:38 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\DzSoft
[2010.07.10 13:52:55 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\EurekaLog
[2012.05.07 21:43:08 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FileZilla
[2010.07.02 21:35:25 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FOG Downloader
[2012.04.05 14:55:38 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FreeHideIP
[2010.11.16 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FRITZ!
[2012.04.23 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
[2011.06.17 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\go
[2012.01.13 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\gtk-2.0
[2010.06.24 16:00:35 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Imperium Romanum
[2010.06.08 16:14:00 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Inkscape
[2010.10.03 19:57:03 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\ISTool
[2011.02.09 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Leadertech
[2010.07.23 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Lost Marble
[2011.04.23 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\ManyCam
[2010.11.26 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\MrJobs
[2010.04.03 11:16:19 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Opera
[2010.07.26 19:01:54 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\PeerNetworking
[2012.02.10 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\PopSoft
[2011.12.25 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Sony
[2012.05.08 16:11:05 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Spotify
[2011.11.03 00:01:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.08 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Steganos
[2012.04.11 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\TeamViewer
[2011.11.01 19:36:17 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Thunderbird
[2011.05.28 22:45:18 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\WildTangent
[2010.12.07 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Windows Live Writer
[2011.03.10 22:52:43 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\XMedia Recode
[2012.05.07 20:58:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.07 20:58:02 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.03.26 13:29:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Today I had no more ad boxes, but I have only been on the PC for half an hour now, and sometimes they don't appear and then after some time they appear again, so I will look out for it...
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Post by Gary R » May 8th, 2012, 4:05 pm

Looks like your Hosts file was successfully reset, and I don't see any signs of active malware in your latest logs.

Time to do a little housekeeping ....

First

We need to rehide hidden and system files.

  • Click Start > Control Panel > Appearance and personalisation > Show hidden files and folders
    • Check ....
      • Don't show hidden files, folders and drives
      • Hide protected operating system files (Recommended).
    • Click OK

Next

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Please delete ....

FRST64.exe
FRST.txt
Fixlist.txt
Fixlog.txt

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Add box in left corner

Post by samweb » May 9th, 2012, 1:03 pm

Ok Gary,
thank you very, very much for your help. I'm really glad that you were able to help me!

Greetings
Samuel
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Post by Gary R » May 9th, 2012, 1:33 pm

You're welcome, glad we could help. :)

Keep safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire