Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mystart incredibar los werden...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.09.2012, 09:16   #1
sgoff
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



Hi

ich gehöre dann jetzt auch zu denen die sich die Mystart incredibar eingefangen haben
Obwohl ich es bereits deinstalliert habe und auch FF nochmal neu installiert habe erscheint es immer wieder im Browser.
Habe schon mal ein bisschen hier im Forum gelesen und malwarebytes über mein System laufen lassen. Hier das Ergebnis.
Wäre für Hilfe seeehhr dankbar!


Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX [Administrator]

Schutz: Aktiviert

08.09.2012 10:04:55
mbam-log-2012-09-08 (10-04-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203070
Laufzeit: 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-4260611793-2327404832-2183412067-1000\$RM6BN73.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-4260611793-2327404832-2183412067-1000\$RYRCSP7.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXX\AppData\Local\Temp\{ACAC3EAD-2B96-DB99-ED60-2FABA880CFD0}\Addons\wxdownload_extension.exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 08.09.2012, 20:11   #2
t'john
/// Helfer-Team
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 09.09.2012, 08:43   #3
sgoff
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



Hi,

danke, dass du mir helfen wirst ich hoffe mal, dass wir das ganze auch ohne Formatierung hinbekommen werden.

Hier schon mal die logfile von Malware:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX [Administrator]

Schutz: Aktiviert

09.09.2012 01:56:13
mbam-log-2012-09-09 (01-56-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387690
Laufzeit: 1 Stunde(n), 32 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und die beiden vom OTL scan:

--> ExtrasOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.09.2012 09:46:15 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 51,43% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 270,78 Gb Free Space | 59,82% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
h**p [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
h**ps [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
h**p [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
h**ps [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037AD81A-E22A-46B4-AF40-4D7240B1A492}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{04D98282-A037-4CA2-B78A-2C9B11ECE60D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0793EBC1-EE81-4F53-B171-201AF30E73B5}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0E8C8AAD-C36E-4A50-A32E-BA023064E7B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0ED28CE8-D80A-45C5-8256-5503F70118AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{14700711-0634-4BB0-B31D-49026546456A}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{16146637-FD36-48D9-ADDF-B3A347A269A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{188BC027-FBCF-4094-9C7C-67426C44993F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1B30FB51-7152-490F-BA9B-388EE8046954}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22601FF5-7031-4A08-A873-8269AA15CE75}" = lport=445 | protocol=6 | dir=in | app=system | 
"{22938790-C0E3-4548-AC8F-C4F542233704}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{277093A5-3165-4E1B-AADF-A8A8BA9121F9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{2C40F972-4FF1-4E9B-8C6A-20A7F08F0659}" = rport=138 | protocol=17 | dir=out | app=system | 
"{38BC940B-23C8-4C35-B600-A6FEDC2AD133}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4715A850-4EFB-4C8D-BA94-EBAE793D5FC9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4DDD4BD5-EEF5-4434-9FEF-BD3A4AC93589}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{54DF0AE9-3F1B-478C-A42F-1F6DCF2A933E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6D6CC398-0CB7-4907-9848-66FF721C0673}" = lport=6931 | protocol=6 | dir=in | name=league of legends launcher | 
"{780F83CA-D69D-4279-A3E7-E8693A5D1988}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher | 
"{7E4CFAA0-ECBF-45C1-9B76-4E30F9E81ECE}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{89D5B2F6-6E19-4857-B8F6-E53BEA374B41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{904D9B50-7933-44FA-84E3-108C7FA1DB31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{929648D5-D453-4206-AA98-F26B8F7C773F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9C24F2D9-8F2D-435D-9B13-9C56C6CABAFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB1FAA93-B305-4312-AD6B-9928CFFC7582}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | 
"{ACB66537-535B-4481-A097-36BCC12C2168}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AECC6886-793F-48B8-B2AE-6810C84FA0B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B45A435D-4392-451B-8103-9A0B75150272}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B4761062-7468-4903-ABE4-8CCAF6883CF8}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher | 
"{D69F0E9B-868F-4BDC-8913-E2DB697E7429}" = lport=6931 | protocol=17 | dir=in | name=league of legends launcher | 
"{D9F3555A-9787-4B4E-BDBF-BAA13A6EE63A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED29FDE8-B8F0-49AE-B3B9-A0041DECB5BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F05195F1-9527-4ACA-AE87-D69B1A3382CA}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03217617-7D80-4EEC-9A81-AF67A6E0D099}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{036BCB81-9200-45FA-A96D-9746318C0460}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{04367458-B5AC-4B09-8D4F-B6DE52D5058F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{050E1AA5-943E-4B1C-9835-550A22DB18BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{0D08DE98-DED7-4389-BFC8-EF43EC1E91FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{116D5039-82CC-4B14-BCA7-75EB7F713307}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1AD67806-1339-46E2-A6F2-F61809828B7D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{1D898AA6-8A38-4F40-973A-F58E39CFA7B2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{24A8FD8D-CC64-499F-86C4-EED8EC7B7EBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A109F16-3B45-4595-B0FC-14F46C2D3FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{3C57DBA4-3E04-4C04-9DC8-D2F6E25D80A8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3D014FC9-4CDC-444E-99CF-52DF733E5F0F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3E87B7A4-7B5A-4637-96D1-614CD9C69777}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{41876C72-6B0C-4B70-806F-71288F4A2C93}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{41E5D4E7-3DB8-4E1E-86F1-CCF2351E38DB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4AA3FD4A-DF15-43BD-ADF7-86BD93E0A90A}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{4F69F450-97ED-4571-9C68-9A05E99EA9B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{6ED3FFB8-FDF0-4EF1-9482-E7696ABD2328}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{70A3FF5F-2A98-4A86-97D5-CA948399BB10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{76E5A928-ADDB-456A-B991-5AF52F41644D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{77AF4D87-F2FA-4866-AA82-385FC3378AE3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{802A5AF2-9C4E-40C9-B444-633EDD79C8B3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{83481D8B-61F4-437E-9B8D-CCED31C6CD4E}" = protocol=6 | dir=out | app=system | 
"{8BEC3B95-E956-4030-A3E5-4CA06204856F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F579E42-6C8F-4735-8E1E-7581623165B9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{94EDC563-A12D-46FF-AD7E-05BC1B0BAA7F}" = dir=in | app=c:\users\XXX\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{9A36198E-CD89-4F95-B4EC-183967D48B8F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{A9B47213-C4A2-4E79-9186-5326D7E833EA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{ABCE3192-96A8-4D34-BF82-12FE49A28A55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ABCF7E8C-7C95-4A05-B318-90D37B69BBD8}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{AE2536EC-B6FE-45CD-89EC-378D93AE5A10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B0A5BD13-A015-4EAC-8AF0-0055C556A944}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B0FA292F-7CF1-40C0-BAE2-45DB94E29F80}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{B6124E29-D588-47C4-B8A6-114594AC92A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{BDA2DF55-E019-4D71-83EB-183543C6140B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{BEF04E4E-719C-4D95-9265-16F7DE8BA9B6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{C5CCE7DA-E9CF-466C-AE6C-166DAA732B5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C63CAE3C-2647-445B-8986-615A2644104F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CB0E84D2-B354-429C-9645-AC258DEF7915}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CCBDE3BB-D40D-45F4-963D-8BFDE861CAB9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D8CFC9EE-CBF6-48FB-9D89-CD3C773C1AB2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB16286B-AA6F-4766-A9E7-127125459A54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB17D83F-DB39-43AB-BEE5-A5A7D58FE2C2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DF66951A-1CF9-46E9-9D84-7C9F9427745F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{E00147F4-9D07-4D94-9152-89621941718C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EC9FD79A-6AE7-43C1-8947-2E7C9A08386E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F3E532C8-BD40-4B2A-99EE-CEB85EB4171D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F442448F-7C05-49AB-94A4-BAD32D93C39B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FD59E429-75F7-4AA0-9696-DE0C6FB1C598}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{FE1159B6-0FBF-4CA9-8CD4-750EF431DF70}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"TCP Query User{3C113989-FADD-4A3E-8674-29C05F9B0E84}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{3DFEA7CB-0562-40EF-9F88-9E05A970D7CF}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{8C9D11DD-1B30-43A7-B4DD-6C6142B68AAD}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{9EF10235-C97C-4323-8D75-FCD3754F37AB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{D163F225-750C-4927-A8DD-9BC175DF1335}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"TCP Query User{D18346BE-A6CB-4A09-94D5-29BAC718865F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{EEA7B7D6-DB94-4A28-8CEC-1DD3BF69CBC0}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{F431BC02-C47C-4BC1-8A9E-CFC81E66B5C4}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{F5AAF67D-EAAA-4DD6-81D2-C9C3F073B01D}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{12999E46-1127-4147-929D-227583B7E5F2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{2C68BEEB-7ECF-40F6-B89B-0778A0FE2BB3}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{354FBEDA-B579-40E1-8A76-8212F144990A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{52C6DE3C-6914-4274-B555-6B715C89ABFB}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"UDP Query User{64D678CE-38F7-4916-B964-4E8DB894D4F8}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{90EA3A20-59D6-449E-86F8-336E89E66DFA}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{A4AC10AA-B4FF-42F2-BDC3-FA63B0C7923C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{E265453B-6B01-40A9-99CD-7F1000BD5E16}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{EF6802F3-2AF3-471D-825D-FFBBB44B9F16}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{369ABA06-0536-4E6A-A1FC-40983E268F47}" = Nitro PDF Reader 2
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3B78C03B-3CE9-42D8-A873-D06A6913AB59}" = eDocPrinter PDF Pro 6.73(x64) MSI
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF43C18E-693D-4126-B190-8F55E3623D5D}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.19
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D6C6D02-F201-42AA-B53B-7B5166B6705C}" = FIFA 12 DEMO
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9014D8FC-388A-435A-BED1-B268E5490B7F}" = Business English Wortschatztrainer 5.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A4987FC4-33BE-4227-B290-FAA1819B65C2}" = Vokabeltrainer-Update 5.0.27
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}" = Microsoft redistributable runtime DLLs VS2005(x86)
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"AC3Filter_is1" = AC3Filter 1.63b
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ArcaniA" = ArcaniA - Gothic 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MetaTrader 4" = MetaTrader 4
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.3.2
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.43
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{dfc307dd-ab9f-4f7b-844c-a97d6e70cac4}_is1" = FitLive 1.1.15
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"FoxTab FLV Player" = FoxTab FLV Player
"pdfsam" = pdfsam
"Smart Shutdown Manager" = Smart Shutdown Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.09.2012 18:49:52 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = 
 
Error - 03.09.2012 18:49:52 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = 
 
Error - 03.09.2012 18:49:53 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = 
 
Error - 03.09.2012 18:49:53 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = 
 
Error - 03.09.2012 18:49:53 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = 
 
Error - 03.09.2012 18:49:54 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = 
 
Error - 03.09.2012 18:49:54 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = 
 
Error - 03.09.2012 18:49:54 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = 
 
Error - 07.09.2012 19:29:22 | Computer Name = XXX | Source = WxDFastUpdater | ID = 0
Description = 
 
Error - 07.09.2012 19:29:41 | Computer Name = XXX | Source = OptimizerPro1Updater | ID = 0
Description = 
 
[ System Events ]
Error - 07.09.2012 12:33:59 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "KMService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 07.09.2012 14:19:49 | Computer Name = XXX | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{4439E49E-F056-419B-8461-8E10EA371A61} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 07.09.2012 18:10:07 | Computer Name = XXX | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.09.2012 18:10:11 | Computer Name = XXX | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.09.2012 18:10:12 | Computer Name = XXX | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.09.2012 20:00:47 | Computer Name = XXX | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 08.09.2012 03:43:04 | Computer Name = XXX | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 08.09.2012 04:18:11 | Computer Name = XXX | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 08.09.2012 04:23:30 | Computer Name = XXX | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 08.09.2012 09:01:18 | Computer Name = XXX | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
 
< End of report >
         
--- --- ---


--> und die OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.09.2012 09:46:15 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 51,43% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 270,78 Gb Free Space | 59,82% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ipsecd) -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (dtpd) -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()
SRV - (iked) -- C:\Programme\ShrewSoft\VPN Client\iked.exe ()
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{3CAE1CAF-D323-4181-A92D-EC0AAA953887}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://acer.msn.com
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.com
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://startsear.ch/?aff=1&src=sp&cf=b4cd361f-0238-11e1-92a6-60eb6956d497&q={searchTerms}
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = h**p://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "h**p://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: bug489729@alice0775:1.7
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\XXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.16 13:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.16 13:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 10:01:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 01:31:36 | 000,000,000 | ---D | M]
 
[2010.12.17 18:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.08.09 18:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.09.08 01:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions
[2012.07.26 00:04:44 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.02 17:54:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.25 21:54:11 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\bug489729@alice0775
[2011.01.15 15:31:07 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\firefox@tvunetworks.com
[2012.09.08 00:38:52 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com
[2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\extensions\gophoto@gophoto.it.xpi
[2012.09.08 01:52:26 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.09 01:55:54 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-1.xml
[2012.01.10 02:24:01 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-10.xml
[2012.02.03 19:48:40 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-11.xml
[2012.02.13 18:36:35 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-12.xml
[2012.02.18 17:18:10 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-13.xml
[2012.03.18 10:27:30 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-14.xml
[2012.03.29 09:11:08 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-15.xml
[2012.06.20 10:34:16 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-16.xml
[2012.07.18 20:59:57 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-17.xml
[2012.09.01 10:44:33 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-18.xml
[2012.09.08 00:36:44 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-19.xml
[2011.07.23 22:17:10 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-2.xml
[2012.09.08 00:54:51 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-20.xml
[2011.08.16 19:45:14 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-3.xml
[2011.09.01 19:21:21 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-4.xml
[2011.09.09 15:39:27 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-5.xml
[2011.10.08 16:25:11 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-6.xml
[2011.10.29 16:20:02 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-7.xml
[2011.11.14 19:10:22 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-8.xml
[2011.11.29 11:12:03 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-9.xml
[2011.06.17 08:23:12 | 000,001,056 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin.xml
[2012.09.08 10:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 20:16:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\XXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: DivX HiQ = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: GoPhoto.it = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3279AE16-AC56-49D8-A3A1-B4E3B654904E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34184B1B-7BE0-45B3-8423-9C7F45DD020F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{405E68F1-F1AD-4BD8-89FE-3C1C6FE5BA71}: Domain = fh-trier.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{405E68F1-F1AD-4BD8-89FE-3C1C6FE5BA71}: NameServer = 143.93.54.7,143.93.54.11
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.09 09:44:14 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.09.08 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\FIFA 12
[2012.09.08 16:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.09.08 12:43:20 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.09.08 12:43:20 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.09.08 10:03:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2012.09.08 10:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.08 10:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.08 10:03:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.08 10:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.08 10:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.08 02:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.09.08 02:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.09.08 02:06:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Anti-Malware
[2012.09.08 02:05:02 | 174,779,744 | ---- | C] (Emsisoft GmbH                                               ) -- C:\Users\XXX\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.09.08 01:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.08 01:21:56 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.08 01:21:56 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.08 01:21:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.08 01:21:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.08 01:21:47 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.08 01:03:54 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.09.08 01:03:53 | 000,026,464 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.09.08 01:03:53 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.09.08 01:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.09.08 01:03:03 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\TuneUp Software
[2012.09.08 01:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.09.08 01:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.09.08 01:02:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.09.08 01:02:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.09.08 01:01:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Wise Registry Cleaner
[2012.09.08 01:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012.09.08 01:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2012.09.08 00:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\OptimizerPro1
[2012.09.07 20:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.04 17:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.04 17:36:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Google
[2012.09.04 17:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.09.02 14:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.08.24 02:25:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Langenscheidt
[2012.08.24 02:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Langenscheidt
[2012.08.24 02:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Langenscheidt Wortschatztrainer 5.0
[2012.08.24 02:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vokabeltrainer 5
[2012.08.16 03:03:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 03:03:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 03:03:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 03:03:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 03:03:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 03:03:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 03:03:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 03:03:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 03:03:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 03:03:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 03:03:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 03:03:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 03:03:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 16:01:27 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 16:01:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 16:01:24 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 16:01:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 16:00:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 16:00:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 16:00:18 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 16:00:16 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.12 03:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4
[2012.08.12 03:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaTrader 4
[2012.08.12 03:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MetaQuotes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.09 09:44:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.09.08 17:46:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.08 15:10:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 15:10:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 15:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 15:00:59 | 3113,295,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 10:03:52 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.08 10:01:58 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.08 02:07:23 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.08 02:06:46 | 174,779,744 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Users\XXX\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.09.08 02:00:32 | 000,413,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.08 01:43:51 | 000,511,265 | ---- | M] () -- C:\Users\XXX\Desktop\adwCleaner2000.exe
[2012.09.08 01:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.08 01:21:39 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.08 01:21:39 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.08 01:21:39 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.08 01:21:39 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.08 01:21:39 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.08 01:21:39 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.08 01:17:09 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.08 01:17:09 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.08 01:03:52 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.09.08 01:03:52 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.09.08 01:00:57 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2012.09.08 00:51:03 | 000,000,113 | ---- | M] () -- C:\Users\XXX\Documents\1Click.cfg
[2012.09.08 00:50:59 | 000,000,272 | ---- | M] () -- C:\Users\XXX\Documents\Success Strategies From A Millionaire Consultant Robbins Eker.magnet
[2012.09.08 00:46:15 | 000,000,787 | ---- | M] () -- C:\Users\XXX\Documents\Success Strategies From A Millionaire Consultant - Robbins Eker Kiyosaki Proctor.rar.magnet
[2012.09.08 00:41:54 | 000,000,787 | ---- | M] () -- C:\Users\XXX\Documents\(Bmc) Be A Successfull Consultant - Insider Guide To Setup And Running Consulting Service.pdf.magnet
[2012.09.08 00:40:20 | 000,018,295 | ---- | M] () -- C:\Users\XXX\Documents\Cambridge IELTS 8 - Book   Audio torrent.torrent
[2012.09.07 11:28:28 | 000,584,086 | ---- | M] () -- C:\Users\XXX\Desktop\Geldpolitische Strategie und Instrumente der Europäischen Zentralbank.pdf
[2012.09.05 07:46:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.04 14:30:52 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.09.04 14:30:44 | 000,026,464 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.09.04 14:30:44 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.08.26 22:00:58 | 001,530,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.26 22:00:58 | 000,666,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.26 22:00:58 | 000,626,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.26 22:00:58 | 000,135,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.26 22:00:58 | 000,110,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.08 10:03:52 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.08 10:01:58 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.08 10:01:58 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.08 02:07:23 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.08 01:43:46 | 000,511,265 | ---- | C] () -- C:\Users\XXX\Desktop\adwCleaner2000.exe
[2012.09.08 01:03:52 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.09.08 01:03:52 | 000,002,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.09.08 01:03:52 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.09.08 01:00:57 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2012.09.08 00:50:59 | 000,000,272 | ---- | C] () -- C:\Users\XXX\Documents\Success Strategies From A Millionaire Consultant Robbins Eker.magnet
[2012.09.08 00:46:15 | 000,000,787 | ---- | C] () -- C:\Users\XXX\Documents\Success Strategies From A Millionaire Consultant - Robbins Eker Kiyosaki Proctor.rar.magnet
[2012.09.08 00:41:54 | 000,000,787 | ---- | C] () -- C:\Users\XXX\Documents\(Bmc) Be A Successfull Consultant - Insider Guide To Setup And Running Consulting Service.pdf.magnet
[2012.09.08 00:40:22 | 000,000,113 | ---- | C] () -- C:\Users\XXX\Documents\1Click.cfg
[2012.09.08 00:40:19 | 000,018,295 | ---- | C] () -- C:\Users\XXX\Documents\Cambridge IELTS 8 - Book   Audio torrent.torrent
[2012.09.04 17:36:28 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.04 17:36:28 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.04 17:31:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.25 13:57:00 | 000,584,086 | ---- | C] () -- C:\Users\XXX\Desktop\Geldpolitische Strategie und Instrumente der Europäischen Zentralbank.pdf
[2012.03.22 11:26:28 | 000,000,734 | ---- | C] () -- C:\Windows\saplogon.ini
[2011.12.05 21:49:39 | 000,005,120 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.13 17:28:05 | 000,138,396 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.20 17:03:24 | 000,000,017 | ---- | C] () -- C:\Users\XXX\AppData\Local\resmon.resmoncfg
[2011.05.02 14:37:30 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\epdf0406.dll
[2011.02.17 15:36:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\epdf0407.dll
[2011.01.04 13:20:44 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.01.03 20:04:53 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.12.27 14:53:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.27 11:38:14 | 000,000,095 | ---- | C] () -- C:\Users\XXX\AppData\Local\fusioncache.dat
[2010.12.26 18:29:35 | 001,550,808 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.26 18:28:22 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.26 18:28:21 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.12.26 18:28:21 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.17 18:12:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.20 06:27:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2011.03.15 15:53:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canneverbe Limited
[2010.12.18 01:27:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2011.11.08 19:38:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Downloaded Installations
[2011.01.02 17:54:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.15 18:07:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Fit3DLive
[2011.01.26 22:58:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FOG Downloader
[2011.06.07 10:07:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\freac
[2012.01.24 17:52:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2012.08.24 02:25:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Langenscheidt
[2011.04.19 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\LolClient
[2012.07.28 21:47:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Nitro PDF
[2011.09.23 22:45:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera
[2012.09.08 01:03:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TuneUp Software
[2010.12.18 02:46:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ubisoft
[2012.09.08 01:05:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Wise Registry Cleaner
[2012.07.12 17:32:32 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4260611793-2327404832-2183412067-1000Core1cd60438e3ce47c.job
[2012.06.23 16:28:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4260611793-2327404832-2183412067-1000UA.job
[2012.07.18 22:38:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         
--- --- ---
__________________

Alt 10.09.2012, 02:28   #4
t'john
/// Helfer-Team
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{3CAE1CAF-D323-4181-A92D-EC0AAA953887}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://startsear.ch/?aff=1&src=sp&cf=b4cd361f-0238-11e1-92a6-60eb6956d497&q={searchTerms} 
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = h**p://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaulturl: "h**p://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..extensions.enabledAddons: bug489729@alice0775:1.7 
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3 
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 
FF - prefs.js..extensions.enabledItems: 5 
FF - prefs.js..extensions.enabledItems: 3 
FF - prefs.js..extensions.enabledItems: 1 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) 
O32 - HKLM CDRom: AutoRun - 1 
[2012.09.08 16:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess 
[2012.09.08 02:05:02 | 174,779,744 | ---- | C] (Emsisoft GmbH ) -- C:\Users\XXX\Desktop\EmsisoftAntiMalwareSetup.exe 
[2012.09.08 01:03:54 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe 
[2012.09.08 01:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 
[2012.09.08 01:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software 
[2012.09.08 01:02:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 
[2012.09.08 01:43:51 | 000,511,265 | ---- | M] () -- C:\Users\XXX\Desktop\adwCleaner2000.exe 
[2012.09.08 00:41:54 | 000,000,787 | ---- | M] () -- C:\Users\XXX\Documents\(Bmc) Be A Successfull Consultant - Insider Guide To Setup And Running Consulting Service.pdf.magnet 
[2012.09.08 10:01:58 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 
[2012.09.08 01:03:52 | 000,002,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk 

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 
[2012.09.09 01:55:54 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-1.xml 
[2012.01.10 02:24:01 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-10.xml 
[2012.02.03 19:48:40 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-11.xml 
[2012.02.13 18:36:35 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-12.xml 
[2012.02.18 17:18:10 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-13.xml 
[2012.03.18 10:27:30 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-14.xml 
[2012.03.29 09:11:08 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-15.xml 
[2012.06.20 10:34:16 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-16.xml 
[2012.07.18 20:59:57 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-17.xml 
[2012.09.01 10:44:33 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-18.xml 
[2012.09.08 00:36:44 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-19.xml 
[2012.09.08 00:38:52 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com 
[2011.07.23 22:17:10 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-2.xml 
[2012.09.08 00:54:51 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-20.xml 
[2011.08.16 19:45:14 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-3.xml 
[2011.09.01 19:21:21 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-4.xml 
[2011.09.09 15:39:27 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-5.xml 
[2011.10.08 16:25:11 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-6.xml 
[2011.10.29 16:20:02 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-7.xml 
[2011.11.14 19:10:22 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-8.xml 
[2011.11.29 11:12:03 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-9.xml 
[2011.06.17 08:23:12 | 000,001,056 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin.xml 
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml 
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml 
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 
[2012.09.08 01:03:03 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\TuneUp Software 
[2012.09.08 01:03:52 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk 
[2012.09.08 01:03:52 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk 

[2010.12.27 14:53:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
[2012.07.12 17:32:32 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4260611793-2327404832-2183412067-1000Core1cd60438e3ce47c.job 
[2012.06.23 16:28:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4260611793-2327404832-2183412067-1000UA.job 
:Files
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\XXX\AppData\Local\{*}
C:\Users\XXX\AppData\Local\Temp\*.exe
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=-

[-HKEY_USERS\S-1-5-21-3912799286-88314524-4274648788-1000\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 10.09.2012, 16:50   #5
sgoff
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



Die Logfile vom OTL-Fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CAE1CAF-D323-4181-A92D-EC0AAA953887}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CAE1CAF-D323-4181-A92D-EC0AAA953887}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKU\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "h**p://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: bug489729@alice0775:1.7 removed from extensions.enabledAddons
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3 removed from extensions.enabledAddons
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: vshare@toolbar:1.0.2 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: firefox@tvunetworks.com:2 removed from extensions.enabledItems
Prefs.js: 5 removed from extensions.enabledItems
Prefs.js: 3 removed from extensions.enabledItems
Prefs.js: 1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nobuclient.exe\ deleted successfully.
C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstlink.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstview.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nobuclient.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstlink.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstview.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\boost_interprocess\79D5C0FAC18DCD01 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
C:\Users\***\Desktop\EmsisoftAntiMalwareSetup.exe moved successfully.
C:\Windows\SysNative\TURegOpt.exe moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013\Alle Funktionen folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 folder moved successfully.
C:\ProgramData\TuneUp Software\TuneUp Utilities 2013\Web folder moved successfully.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities 2013\de-DE scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities 2013 scheduled to be moved on reboot.
C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations folder moved successfully.
C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler folder moved successfully.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities scheduled to be moved on reboot.
C:\ProgramData\TuneUp Software\TU2013 folder moved successfully.
Folder move failed. C:\ProgramData\TuneUp Software scheduled to be moved on reboot.
C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} folder moved successfully.
C:\Users\***\Desktop\adwCleaner2000.exe moved successfully.
C:\Users\***\Documents\(Bmc) Be A Successfull Consultant - Insider Guide To Setup And Running Consulting Service.pdf.magnet moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk moved successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\oneclickdownloader\tests folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\oneclickdownloader\lib folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\oneclickdownloader\data folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\oneclickdownloader folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\windows folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\window folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\utils folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\traits folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\events folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\event folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\dom folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\content folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\data folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\addon-kit\lib folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\addon-kit\data folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources\addon-kit folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\resources folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\locale folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\defaults\preferences folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software\TuneUp Utilities\CrashDumps folder moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software\TU2013\TuningIndex folder moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software\TU2013\StartUp Manager folder moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software\TU2013\Speed Optimizer folder moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software\TU2013\Dashboard folder moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software\TU2013\Backups folder moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software\TU2013 folder moved successfully.
C:\Users\***\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk moved successfully.
C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4260611793-2327404832-2183412067-1000Core1cd60438e3ce47c.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4260611793-2327404832-2183412067-1000UA.job moved successfully.
========== FILES ==========
File\Folder C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX not found.
C:\ProgramData\FullRemove.exe moved successfully.
C:\ProgramData\Temp\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3} folder moved successfully.
C:\ProgramData\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\***\AppData\Local\{*} not found.
File\Folder C:\Users\***\AppData\Local\Temp\*.exe not found.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_USERS\S-1-5-21-3912799286-88314524-4274648788-1000\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 1747548884 bytes
->Temporary Internet Files folder emptied: 10068366 bytes
->FireFox cache emptied: 1143297207 bytes
->Google Chrome cache emptied: 345015704 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 85534 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1143153 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 69854 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.098,00 mb
 
 
OTL by OldTimer - Version 3.2.61.2 log created on 09102012_173810

Files\Folders moved on Reboot...
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities 2013\de-DE scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities 2013\de-DE scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities 2013 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities 2013\de-DE scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities 2013 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software\TuneUp Utilities scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\TuneUp Software scheduled to be moved on reboot.
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Die Logfile vom vollständigen Malwarescan
Code:
ATTFilter
         
Logfile von adaware die 1.
Code:
ATTFilter
         
Logfile von adaware die 2.
Code:
ATTFilter
         
komisch, kan nden Beitrag irgendwie nicht editieren.. muss das also so machen, sorry :/ also hier die logfile für Malware:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

10.09.2012 17:48:42
mbam-log-2012-09-10 (17-48-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380093
Laufzeit: 1 Stunde(n), 59 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
hier die Logfile vom adaware Scan:
Code:
ATTFilter
# AdwCleaner v2.001 - Datei am 09/10/2012 um 19:56:28 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6R8EupW9sb&loc=FF_NT");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [34315 octets] - [08/09/2012 01:44:00]
AdwCleaner[R2].txt - [34376 octets] - [08/09/2012 01:44:30]
AdwCleaner[R3].txt - [33649 octets] - [08/09/2012 01:58:46]
AdwCleaner[S3].txt - [33859 octets] - [08/09/2012 01:59:01]
AdwCleaner[R4].txt - [1464 octets] - [08/09/2012 02:02:20]
AdwCleaner[R5].txt - [1465 octets] - [10/09/2012 19:56:28]

########## EOF - C:\AdwCleaner[R5].txt - [1525 octets] ##########
         
und zu guter letzt die File nach dem Neustart:
Code:
ATTFilter
# AdwCleaner v2.001 - Datei am 09/10/2012 um 19:58:27 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6R8EupW9sb&loc=FF_NT");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [34315 octets] - [08/09/2012 01:44:00]
AdwCleaner[R2].txt - [34376 octets] - [08/09/2012 01:44:30]
AdwCleaner[R3].txt - [33649 octets] - [08/09/2012 01:58:46]
AdwCleaner[S3].txt - [33859 octets] - [08/09/2012 01:59:01]
AdwCleaner[R4].txt - [1464 octets] - [08/09/2012 02:02:20]
AdwCleaner[R5].txt - [1594 octets] - [10/09/2012 19:56:28]
AdwCleaner[S4].txt - [2180 octets] - [10/09/2012 19:58:27]

########## EOF - C:\AdwCleaner[S4].txt - [2240 octets] ##########
         


Alt 11.09.2012, 00:23   #6
t'john
/// Helfer-Team
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
ATTFilter
:OTL
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=-

[-HKEY_USERS\S-1-5-21-3912799286-88314524-4274648788-1000\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]

:Files
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
--> Mystart incredibar los werden...

Alt 11.09.2012, 16:26   #7
sgoff
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



also die Toolbar ist schon weg habe ich gestern Abend ganz vergessen zu erwähnen. Gibt es sonst noch Probleme oder für was sind die folgenden Schritte noch gut?

Hier die Logfile nach dem Fix:
Code:
ATTFilter
========== OTL ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_USERS\S-1-5-21-3912799286-88314524-4274648788-1000\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
========== FILES ==========
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js moved successfully.
 
OTL by OldTimer - Version 3.2.61.2 log created on 09112012_172422
         
zu früh gefreut... nach nem Neustart ist die Toolbar wieder da

Alt 12.09.2012, 08:34   #8
t'john
/// Helfer-Team
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



Scan mit SystemLook

Hiermit prüfe ich, ob für diese Infektion übliche Einträge noch vorhanden sind. Das Tool ändert nichts, wirft mir nur die nötigen Infos aus.

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop (falls noch nicht vorhanden).

Download Mirror #1

User mit 64Bit-Windows-Versionen benutzen diese Version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
    Vista- und Windows 7-User unbedingt mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind 
    incredi
    
    :folderfind 
    assist
    
    :filefind 
    prefs.js
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
__________________
Mfg, t'john
Das TB unterstützen

Alt 12.09.2012, 16:32   #9
sgoff
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



alles klar, wie ist denn bisher deine Einschätzung?

Hier dann die Logfile:

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 17:22 on 12/09/2012 by ***
Administrator - Elevation successful

========== regfind ==========

Searching for "incredi"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\74247d5_0]
@="{0.0.0.00000000}.{1a0baafe-2fe9-4275-8eed-ed8b0ee8c816}|\Device\HarddiskVolume3\Users\***\AppData\Local\Temp\{ACAC3EAD-2B96-DB99-ED60-2FABA880CFD0}\Addons\incredibar_install.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IncrediMail]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS]
[HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\74247d5_0]
@="{0.0.0.00000000}.{1a0baafe-2fe9-4275-8eed-ed8b0ee8c816}|\Device\HarddiskVolume3\Users\***\AppData\Local\Temp\{ACAC3EAD-2B96-DB99-ED60-2FABA880CFD0}\Addons\incredibar_install.exe%b{00000000-0000-0000-0000-000000000000}"

========== folderfind ==========

Searching for "assist"
No folders found.

========== filefind ==========

Searching for "prefs.js"
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js	--a---- 141 bytes	[22:54 07/09/2012]	[22:54 07/09/2012] D12B21094CA0A40A24842D25F58C18E0
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js	--a---- 6620 bytes	[15:20 12/09/2012]	[15:20 12/09/2012] FEE1F8070C89DCD40403840C82BC8FDD
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js	--a---- 1602 bytes	[21:56 25/07/2012]	[22:54 07/09/2012] 6C3C5A3C22FF437117B27ACDCC6453DC
C:\_OTL\MovedFiles\09102012_173810\C_Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\defaults\preferences\prefs.js	--a---- 94 bytes	[05:55 02/08/2012]	[22:54 07/09/2012] 129863DF10003181FE5DB0B6559838C8
C:\_OTL\MovedFiles\09112012_172422\C_Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js	--a---- 11737 bytes	[15:24 11/09/2012]	[15:24 11/09/2012] BC360894DDA3D8833558AD247DD5B93F

-= EOF =-
         

Alt 15.09.2012, 10:47   #10
t'john
/// Helfer-Team
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



In welchen Browsern tauchts noch auf?

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
ATTFilter
:OTL
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\74247d5_0]
[-HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\74247d5_0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS]
:Files
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 15.09.2012, 11:17   #11
sgoff
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



War im Firefox, aber ist jetzt auch da weg

Code:
ATTFilter
========== OTL ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\74247d5_0\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4260611793-2327404832-2183412067-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\74247d5_0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS\ deleted successfully.
========== FILES ==========
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js moved successfully.
 
OTL by OldTimer - Version 3.2.61.2 log created on 09152012_120645
         
Habe eben mal den Laptop nach dem Fix selber neugestartet und nach dem Neustart waren dann die im Anhang zu sehenden Dateien und noch ein paar beschädigte Worddokumente bei mir auf dem Desktop. Kann ich das alles einfach löschen oder wo kommen die her?!
Miniaturansicht angehängter Grafiken
Mystart incredibar los werden...-unbenannt.jpg  

Alt 15.09.2012, 12:28   #12
sgoff
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



ich werde aus dem Dingen nicht schlau :/

schmeiße ich meine ICQ toolbar raus (die kam iwie automatisch, nachdem die incredibar weg war), starte firefox neu und habe wieder die incredibar drin.. kann doch nicht wahr sein

Alt 16.09.2012, 17:52   #13
t'john
/// Helfer-Team
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



hast du in der Zwischenzeit noch was anderes installiert an Software?

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.





Scan mit SystemLook

Hiermit prüfe ich, ob für diese Infektion übliche Einträge noch vorhanden sind. Das Tool ändert nichts, wirft mir nur die nötigen Infos aus.

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop (falls noch nicht vorhanden).

Download Mirror #1

User mit 64Bit-Windows-Versionen benutzen diese Version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
    Vista- und Windows 7-User unbedingt mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind 
    incredi
    perion
    
    :folderfind 
    assist
    perion
    
    :filefind 
    prefs.js
    perion
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.09.2012, 19:01   #14
sgoff
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



nur Acer- und Windwosupdates, sonst nichts. Aber nach dem Fix mit adaware ist die Toolbar jetzt mal wieder weg. Ich bin mal gespannt wie lange.

Code:
ATTFilter
# AdwCleaner v2.001 - Datei am 09/16/2012 um 19:48:27 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6R8EupW9sb&loc=FF_NT");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [34315 octets] - [08/09/2012 01:44:00]
AdwCleaner[R2].txt - [34376 octets] - [08/09/2012 01:44:30]
AdwCleaner[R3].txt - [33649 octets] - [08/09/2012 01:58:46]
AdwCleaner[S3].txt - [33859 octets] - [08/09/2012 01:59:01]
AdwCleaner[R4].txt - [1464 octets] - [08/09/2012 02:02:20]
AdwCleaner[R5].txt - [1594 octets] - [10/09/2012 19:56:28]
AdwCleaner[S4].txt - [2305 octets] - [10/09/2012 19:58:27]
AdwCleaner[S5].txt - [1712 octets] - [16/09/2012 19:48:27]

########## EOF - C:\AdwCleaner[S5].txt - [1772 octets] ##########
         
hier die Logfilge vom systemlook scan:
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 19:53 on 16/09/2012 by ***
Administrator - Elevation successful

========== regfind ==========

Searching for "incredi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IncrediMail]

Searching for "perion"
No data found.

========== folderfind ==========

Searching for "assist"
No folders found.

Searching for "perion"
No folders found.

========== filefind ==========

Searching for "prefs.js"
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js	--a---- 6442 bytes	[17:51 16/09/2012]	[17:51 16/09/2012] DC45F865AB226122BCCA1A7086560B44
C:\_OTL\MovedFiles\09102012_173810\C_Users\***\AppData\Roaming\mozilla\firefox\profiles\5b1nbsno.default\extensions\OneClickDownload@OneClickDownload.com\defaults\preferences\prefs.js	--a---- 94 bytes	[05:55 02/08/2012]	[22:54 07/09/2012] 129863DF10003181FE5DB0B6559838C8
C:\_OTL\MovedFiles\09112012_172422\C_Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js	--a---- 11737 bytes	[15:24 11/09/2012]	[15:24 11/09/2012] BC360894DDA3D8833558AD247DD5B93F
C:\_OTL\MovedFiles\09152012_120645\C_Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js	--a---- 141 bytes	[22:54 07/09/2012]	[22:54 07/09/2012] D12B21094CA0A40A24842D25F58C18E0
C:\_OTL\MovedFiles\09152012_120645\C_Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5b1nbsno.default\prefs.js	--a---- 7042 bytes	[10:02 15/09/2012]	[10:02 15/09/2012] 0987B140150456D86D942A84DF03D0BF

Searching for "perion"
No files found.

-= EOF =-
         

Alt 18.09.2012, 02:08   #15
t'john
/// Helfer-Team
 
Mystart incredibar los werden... - Standard

Mystart incredibar los werden...



weg oder wieder da?
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Mystart incredibar los werden...
administrator, anti-malware, appdata, autostart, dateien, eingefangen, erfolgreich, explorer, file, forum, gelöscht, gen, image, malwarebytes, microsoft, neu, optimizerpro, quarantäne, recycle.bin, service, software, speicher, system, temp, test, version




Ähnliche Themen: Mystart incredibar los werden...


  1. MyStart/Incredibar
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (9)
  2. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 06.05.2013 (11)
  3. mystart.incredibar.com
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (13)
  4. MyStart by IncrediBar.com
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (18)
  5. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 18.10.2012 (1)
  6. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (37)
  7. MyStart incredibar
    Log-Analyse und Auswertung - 14.10.2012 (25)
  8. mystart.incredibar.com
    Log-Analyse und Auswertung - 29.09.2012 (2)
  9. MyStart incredibar muss entfern werden
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (25)
  10. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (3)
  11. mystart incredibar
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  12. MyStart @ Incredibar und MyStart Search trotz Deinstallation des Programms
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  13. MySTart by Incredibar
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (1)
  14. MyStart incredibar
    Log-Analyse und Auswertung - 23.07.2012 (1)
  15. MyStart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (3)
  16. Mystart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  17. Mystart by incredibar
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (1)

Zum Thema Mystart incredibar los werden... - Hi ich gehöre dann jetzt auch zu denen die sich die Mystart incredibar eingefangen haben Obwohl ich es bereits deinstalliert habe und auch FF nochmal neu installiert habe erscheint es - Mystart incredibar los werden......
Archiv
Du betrachtest: Mystart incredibar los werden... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.