
Log analysis and evaluation: Uninstallable "mystart.incredibar.com", files cannot be found, boot time increased and back-one-page function in FF faulty


27.10.2012, 15:21   #1
Moguntiacum
 
Hello dear Trojaner-Board helpers,

unfortunately I am coming to you with several problems, together with a request for help.

For about 4 weeks, several files can no longer be found on the corresponding partition. The boot time has also increased extremely since then, and in Firefox my tabs are repeatedly opened with "mystart.incredibar.com" when following links. Furthermore, I can no longer correctly switch tabs back to the previous page (back-one-page function).

System info attached as a jpg file (Windows 7 / x64-based PC = 64-bit system)

While running defogger I had the mishap of dropping my mouse off the table, which triggered the "Re-enable" function.

I hope there is still help for my system.

Many thanks in advance for the help and support.

Best regards
Moguntiacum


And here are the log files (attached again as *.zip to be on the safe side).

------------------

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.27.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
---User--- :: ---MY_COMPUTER----PC [Administrator]

27.10.2012 15:52:09
mbam-log-2012-10-27 (15-52-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199707
Laufzeit: 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

-----------

defogger-Log

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:03 on 27/10/2012 (xxxxxxxxxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
-----------------
Extras.txt

OTL Extras logfile created on: 27.10.2012 14:40:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\---User---\Downloads\Desktop\Maleware-Entfernung
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,29% Memory free
7,99 Gb Paging File | 5,88 Gb Available in Paging File | 73,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,06 Gb Total Space | 64,03 Gb Free Space | 64,00% Space Free | Partition Type: NTFS
Drive F: | 292,34 Gb Total Space | 270,58 Gb Free Space | 92,55% Space Free | Partition Type: NTFS
Drive G: | 29,98 Gb Total Space | 11,96 Gb Free Space | 39,90% Space Free | Partition Type: NTFS
Drive H: | 30,58 Gb Total Space | 20,50 Gb Free Space | 67,05% Space Free | Partition Type: NTFS

Computer Name: ---MY_COMPUTER----PC | User Name: ---User--- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23C3B10C-63BA-446E-AFFB-F83115E73FFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{307B5137-DA93-4196-9CD4-9A0DCDC1296C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{419BC6CE-CC08-4A6E-A56A-F6C4808DDA02}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BC2EBE71-6D9E-4F6C-8C96-3B230ED276E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C988F9D0-26EB-4F10-864C-DE59A23020B2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1A37A8-CEE6-4873-88A7-2DD0FD2B527D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0D48A381-6968-4C22-A899-3C57A7025A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{0EC87B22-9658-442F-8C6B-9A8CA7DB6759}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{1F8164DE-1E8A-4277-A765-207147B496F5}" = protocol=17 | dir=in | app=c:\users\---User---\appdata\roaming\dropbox\bin\dropbox.exe |
"{28305215-95DD-4CD0-8AFE-3A8E8965A40B}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{39AE94D7-9A48-413E-BF08-BAF1F27B1983}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{3BC73727-93DB-4023-BF7E-91E345D18C6C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5CBBB273-5579-41B9-A967-9ACE035B9674}" = protocol=6 | dir=in | app=c:\users\---User---\appdata\roaming\dropbox\bin\dropbox.exe |
"{6CA20F90-49E9-4C03-ACE8-54B7B2572FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{70E320EE-88B3-4108-AFFA-E49D835E0D1F}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{7560B10B-DEAA-4ECC-A03E-B9043AE46D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BFBA9314-E038-43B6-9D5D-81FD85ECF5D0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C6A1C517-791F-4F38-9CB4-408FF831E2E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D5628A19-4756-49D3-BC35-8D263DF32C36}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DE970813-2851-4641-BABB-B533A9CF1BEB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F3105498-5832-4111-8E51-84D22DCAB15F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{37678603-4E59-497C-92AC-B987474DBB91}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{E9A17A84-F318-423C-B381-9E8A1DA1FF2C}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{3AB9D92E-A2E0-4E13-9B6C-69BC8B1A6D3B}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{A4640A07-805A-40FE-9618-40F7CB0B0CB0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"EPSON BX320FW Series" = EPSON BX320FW Series Printer Uninstall
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{526B2AE8-73DF-4CE0-B140-9968677A7C93}" = HTC Sync
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{896B238F-7CFE-4952-82EB-96E63E8E67B6}" = COMPUTERBILD-Abzockschutz
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"CCleaner" = CCleaner
"EPSON BX320FW Series Manual" = EPSON BX320FW Series Handbuch
"EPSON BX320FW Series Network Guide" = EPSON BX320FW Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"iDailyDiary_is1" = iDailyDiary 3.85.1
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"Live Usb Helper" = Live Usb Helper 0.0.8
"LManager" = Launch Manager
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"VideoPad" = VideoPad Videobearbeitungs-Software
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XSManager" = XSManager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.10.2012 10:58:34 | Computer Name = ---MY_COMPUTER----PC | Source = VSS | ID = 13
Description =

Error - 21.10.2012 10:58:34 | Computer Name = ---MY_COMPUTER----PC | Source = VSS | ID = 8193
Description =

Error - 21.10.2012 16:22:07 | Computer Name = ---MY_COMPUTER----PC | Source = System Restore | ID = 8193
Description =

Error - 21.10.2012 16:22:08 | Computer Name = ---MY_COMPUTER----PC | Source = System Restore | ID = 8193
Description =

Error - 22.10.2012 09:24:37 | Computer Name = ---MY_COMPUTER----PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 22.10.2012 09:24:37 | Computer Name = ---MY_COMPUTER----PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 22.10.2012 09:24:37 | Computer Name = ---MY_COMPUTER----PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 22.10.2012 09:24:38 | Computer Name = ---MY_COMPUTER----PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 22.10.2012 13:11:47 | Computer Name = ---MY_COMPUTER----PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
Zeitstempel: 0x4f5ecbd4 Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x5066df1c Ausnahmecode: 0xc0000005 Fehleroffset:
0x64f18ce3 ID des fehlerhaften Prozesses: 0x173c Startzeit der fehlerhaften Anwendung:
0x01cdb03ee3328477 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll
Berichtskennung:
8f69af38-1c6b-11e2-84b4-00262da86e30

Error - 23.10.2012 07:52:21 | Computer Name = ---MY_COMPUTER----PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1534 Startzeit: 01cdb114d0f038ca Endzeit: 15 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 16a0a5d6-1d08-11e2-9452-00262da86e30


[ Media Center Events ]
Error - 09.08.2012 05:16:47 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 11:16:47 - Fehler beim Herstellen der Internetverbindung. 11:16:47
- Serververbindung konnte nicht hergestellt werden..

Error - 09.08.2012 05:17:05 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 11:16:53 - Fehler beim Herstellen der Internetverbindung. 11:16:53
- Serververbindung konnte nicht hergestellt werden..

Error - 09.08.2012 11:34:49 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 17:34:49 - Fehler beim Herstellen der Internetverbindung. 17:34:49
- Serververbindung konnte nicht hergestellt werden..

Error - 09.08.2012 11:35:00 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 17:34:54 - Fehler beim Herstellen der Internetverbindung. 17:34:54
- Serververbindung konnte nicht hergestellt werden..

Error - 02.10.2012 13:11:39 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 19:11:39 - Fehler beim Herstellen der Internetverbindung. 19:11:39
- Serververbindung konnte nicht hergestellt werden..

Error - 02.10.2012 13:11:55 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 19:11:44 - Fehler beim Herstellen der Internetverbindung. 19:11:44
- Serververbindung konnte nicht hergestellt werden..

Error - 04.10.2012 03:20:24 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 09:20:24 - Fehler beim Herstellen der Internetverbindung. 09:20:24
- Serververbindung konnte nicht hergestellt werden..

Error - 15.10.2012 03:05:43 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 09:05:43 - Fehler beim Herstellen der Internetverbindung. 09:05:43
- Serververbindung konnte nicht hergestellt werden..

Error - 15.10.2012 03:05:55 | Computer Name = ---MY_COMPUTER----PC | Source = MCUpdate | ID = 0
Description = 09:05:48 - Fehler beim Herstellen der Internetverbindung. 09:05:48
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 14.08.2012 11:11:12 | Computer Name = ---MY_COMPUTER----PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 14.08.2012 14:27:28 | Computer Name = ---MY_COMPUTER----PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 15.08.2012 01:29:43 | Computer Name = ---MY_COMPUTER----PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 15.08.2012 07:28:27 | Computer Name = ---MY_COMPUTER----PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 15.08.2012 07:30:09 | Computer Name = ---MY_COMPUTER----PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Kaspersky Security Suite CBE 11 Service" wurde nicht richtig
gestartet.

Error - 16.08.2012 12:58:47 | Computer Name = ---MY_COMPUTER----PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 17.08.2012 06:28:20 | Computer Name = ---MY_COMPUTER----PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.08.2012 um 23:22:35 unerwartet heruntergefahren.

Error - 17.08.2012 06:28:25 | Computer Name = ---MY_COMPUTER----PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 18.08.2012 02:01:12 | Computer Name = ---MY_COMPUTER----PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 18.08.2012 08:01:41 | Computer Name = ---MY_COMPUTER----PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.08.2012 um 08:32:14 unerwartet heruntergefahren.


< End of report >

----------

OTL.Txt

OTL logfile created on: 27.10.2012 14:40:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\---User---\Downloads\Desktop\Maleware-Entfernung
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,29% Memory free
7,99 Gb Paging File | 5,88 Gb Available in Paging File | 73,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,06 Gb Total Space | 64,03 Gb Free Space | 64,00% Space Free | Partition Type: NTFS
Drive F: | 292,34 Gb Total Space | 270,58 Gb Free Space | 92,55% Space Free | Partition Type: NTFS
Drive G: | 29,98 Gb Total Space | 11,96 Gb Free Space | 39,90% Space Free | Partition Type: NTFS
Drive H: | 30,58 Gb Total Space | 20,50 Gb Free Space | 67,05% Space Free | Partition Type: NTFS

Computer Name: ---MY_COMPUTER----PC | User Name: ---User--- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.27 14:04:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\---User---\Downloads\Desktop\Maleware-Entfernung\OTL.exe
PRC - [2012.09.23 15:29:41 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.09.23 15:29:40 | 001,737,728 | ---- | M] (Lavasoft Limited ) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012.06.19 17:11:32 | 001,974,272 | ---- | M] () -- C:\Program Files (x86)\iDailyDiary\iDD.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\---User---\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2011.11.01 13:22:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 18:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.04.19 15:03:52 | 000,268,864 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2011.04.13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.04.30 13:56:04 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.16 11:35:48 | 001,949,352 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\XSManager\XSManager.exe
PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 01:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.04 07:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.04 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.04 07:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.01 20:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.12.25 03:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.12.25 03:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009.12.03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.12.03 01:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.19 17:11:32 | 001,974,272 | ---- | M] () -- C:\Program Files (x86)\iDailyDiary\iDD.exe
MOD - [2011.11.01 13:22:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.11.01 13:22:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.11.01 13:22:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.11.01 13:22:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.11.01 13:22:00 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2011.11.01 13:22:00 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.11.01 13:22:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.11.01 13:22:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010.09.14 18:39:39 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll
MOD - [2010.09.14 18:38:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.09.14 18:38:39 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.09.14 18:38:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010.09.14 18:38:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2010.08.19 22:39:30 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\iDailyDiary\iDB.dll
MOD - [2010.05.26 07:39:18 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.05.26 07:39:15 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.16 11:35:49 | 000,183,976 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGSMSPCClient.Dll
MOD - [2010.04.16 11:35:48 | 000,020,136 | ---- | M] () -- C:\Program Files (x86)\XSManager\4GSystems_WTGSMSPCClientGer.dll
MOD - [2010.04.16 11:35:45 | 001,261,224 | ---- | M] () -- C:\Program Files (x86)\XSManager\4GSystems_OneClickAssistantGer.dll
MOD - [2010.04.12 18:00:46 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGDriverInstallX.Dll
MOD - [2010.04.12 17:59:40 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgCore.dll
MOD - [2010.04.12 17:59:30 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDriverInstall.dll
MOD - [2010.04.12 17:59:28 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgBluetooth.dll
MOD - [2010.04.12 17:59:24 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDialup.dll
MOD - [2010.04.12 17:59:22 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDetection.dll
MOD - [2010.04.12 17:59:18 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDatabase.dll
MOD - [2010.04.12 17:59:14 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgPorts.dll
MOD - [2010.04.12 17:59:10 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgUtil.dll
MOD - [2010.04.12 17:59:04 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGDebugs.dll
MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.12.08 11:22:58 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGXMLUtil.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.05.21 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2008.11.26 16:59:32 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
MOD - [2008.10.22 16:01:00 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.03.29 18:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.25 12:31:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 08:59:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.23 15:29:40 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.05.24 15:23:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2011.08.12 18:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.04.13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.19 10:09:07 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2012.05.30 10:26:46 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.06.13 13:06:10 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2011.05.17 14:48:22 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2011.05.17 14:48:22 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2010.08.16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010.08.16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010.08.12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010.06.09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.04.22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010.04.07 20:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.29 18:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.29 17:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.09 16:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.09 07:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.11.02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2011.08.25 10:07:57 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011.06.13 13:06:10 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2011.05.17 14:48:22 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2011.05.17 14:48:22 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010.03.31 00:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\---User---\Documents\Everest\kerneld.amd64 -- (EverestDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7552&r=27360910g406l04c8z185t46n1n33p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7552&r=27360910g406l04c8z185t46n1n33p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7552&r=27360910g406l04c8z185t46n1n33p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/freedesktopclock/{1D3B53B4-91D4-4857-B04B-838A97F69E80}
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7552&r=27360910g406l04c8z185t46n1n33p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb161?a=6PQzdYhyzL&i=26
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE395
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/freedesktopclock/{1D3B53B4-91D4-4857-B04B-838A97F69E80}?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6PQzdYhyzL&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.context.loadInBackground: true
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: clickclean@hotcleaner.com:4.0
FF - prefs.js..extensions.enabledAddons: firegestures@xuldev.org:1.6.18
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff@pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {cdd09450-7280-11de-8a39-0800200c9a66}:0.82
FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.44
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.445
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:16.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: {049952B3-A745-43bd-8D26-D1349B1ED944}:2.0.2009110402
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {0dd39226-2650-404d-a43d-ffd906b35a9e}:0.2.3
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.34
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: save-as-pdf-ff@pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb161/?loc=IB_DS&a=6PQzdYhyzL&&i=26&search="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.02 07:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.02 07:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.25 12:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010.09.05 17:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\Extensions
[2012.10.25 14:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions
[2010.09.05 18:33:53 | 000,000,000 | ---D | M] ("Tab Catalog") -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\{049952B3-A745-43bd-8D26-D1349B1ED944}
[2012.10.08 17:55:38 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.10.25 14:02:59 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.09.05 18:43:01 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2012.05.01 14:19:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.23 21:47:03 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\clickclean@hotcleaner.com
[2012.09.26 12:30:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\ich@maltegoetz.de
[2010.11.05 12:56:01 | 000,000,000 | ---D | M] (Save as PDF) -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\save-as-pdf-ff@pdfcrowd.com
[2010.09.05 18:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\Firefox\Profiles\2xiw6j8s.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2012.10.08 17:14:45 | 000,142,418 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\firegestures@xuldev.org.xpi
[2012.08.23 20:18:05 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.06.02 13:39:52 | 000,253,381 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}.xpi
[2012.07.27 14:21:03 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.17 18:11:31 | 000,395,926 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2011.12.30 18:32:06 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.07.22 09:45:20 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2008.03.20 14:43:48 | 000,001,502 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\xpinstall\xpinstallConfirm.css
[2008.03.26 13:50:46 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\xpinstall\xpinstallItemGeneric.png
[2012.06.07 13:20:45 | 000,005,027 | ---- | M] () -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\searchplugins\cannapower-user-uploads.xml
[2012.01.03 15:09:11 | 000,002,390 | ---- | M] () -- C:\Users\---User---\AppData\Roaming\mozilla\firefox\profiles\2xiw6j8s.default\searchplugins\search.xml
[2012.05.30 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.30 10:28:18 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2012.05.30 10:28:16 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.10.27 12:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2012.10.27 12:28:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.27 12:28:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\KavAntiBanner@Kaspersky.ru
[2012.10.27 12:28:09 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\linkfilter@kaspersky.ru
[2012.06.02 07:53:34 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.10.25 12:31:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.25 12:31:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.25 12:31:28 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.25 12:31:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.25 12:31:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.25 12:31:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.25 12:31:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe File not found
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [EPSON SX430 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\MICKEY~1\AppData\Local\Temp\E_SA17F.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [iDailyDiary] "C:\PROGRA~2\IDAILY~1\iDD.exe" /LOGMIN File not found
O4 - HKCU..\Run: [SkinClock] C:\Program Files (x86)\Free Desktop Clock\DesktopClock.exe File not found
O4 - Startup: C:\Users\---User---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\---User---\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17E3DA11-48EE-4799-90CB-8AEEAFF248D0}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{891C1073-8832-4939-A8D3-38770BD5CA48}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C73542F3-7C96-4F3C-91C3-EE0DD9267799}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36cf2ac5-3461-11e1-83ed-00262da86e30}\Shell - "" = AutoRun
O33 - MountPoints2\{36cf2ac5-3461-11e1-83ed-00262da86e30}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{9d72dddc-19c3-11e2-9c65-207c8f049860}\Shell - "" = AutoRun
O33 - MountPoints2\{9d72dddc-19c3-11e2-9c65-207c8f049860}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.27 13:29:48 | 000,000,000 | ---D | C] -- C:\Users\---User---\Downloads\Desktop\Maleware-Entfernung
[2012.10.25 12:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.25 12:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.24 20:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2012.10.22 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.22 20:25:27 | 000,096,768 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.10.22 20:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.10.21 22:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[2012.10.21 21:56:15 | 000,000,000 | ---D | C] -- C:\Users\---User---\AppData\Roaming\Meine Traffic
[2012.10.21 21:56:09 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\MTrUn.EXE
[2012.10.19 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\---User---\AppData\Local\updater4g
[2012.10.19 10:09:30 | 000,312,488 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\updater4g.exe
[2012.10.19 10:09:30 | 000,160,424 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
[2012.10.19 10:09:29 | 000,117,888 | ---- | C] (Mobile Connector) -- C:\Windows\SysNative\drivers\cmnsusbser.sys
[2012.10.19 10:09:29 | 000,103,680 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_ser32.sys
[2012.10.19 10:09:29 | 000,063,648 | ---- | C] (Siano) -- C:\Windows\SysNative\drivers\smsbda.sys
[2012.10.19 10:09:28 | 000,133,120 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_netamd.sys
[2012.10.19 10:09:28 | 000,118,272 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_seramd.sys
[2012.10.19 10:09:28 | 000,112,640 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_net32.sys
[2012.10.19 10:09:28 | 000,000,000 | ---D | C] -- C:\Users\---User---\AppData\Roaming\XSManager
[2012.10.19 10:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
[2012.10.19 10:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XSManager
[2012.10.15 11:25:36 | 000,000,000 | ---D | C] -- C:\Users\---User---\AppData\Roaming\Malwarebytes
[2012.10.15 11:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.08 17:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.04 16:26:51 | 000,000,000 | ---D | C] -- C:\Users\---User---\Documents\DVDVideoSoft
[1 C:\Users\---User---\Downloads\Desktop\*.tmp files -> C:\Users\---User---\Downloads\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.27 13:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.27 13:48:20 | 000,000,000 | ---- | M] () -- C:\Users\---User---\defogger_reenable
[2012.10.27 13:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.27 12:52:01 | 006,661,044 | ---- | M] () -- C:\Users\---User---\Downloads\Desktop\video.flv
[2012.10.27 12:16:19 | 000,070,692 | ---- | M] () -- C:\Users\---User---\Downloads\Desktop\Erbenheim - Kreuzberger Ring 25c mit WBS-Hessen, Terrassenwohnung - PROVISIONSFREI! Top-Neubau-Wohnung mit großer Terrasse & Laminat!.pdf
[2012.10.27 10:28:46 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.27 10:28:46 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.27 10:27:16 | 001,480,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.27 10:27:16 | 000,647,376 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.27 10:27:16 | 000,610,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.27 10:27:16 | 000,127,404 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.27 10:27:16 | 000,104,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.27 10:20:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.27 10:20:05 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.10.27 10:19:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.27 10:19:52 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.26 17:43:00 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012.10.25 17:01:20 | 000,001,185 | ---- | M] () -- C:\Users\---User---\Downloads\Desktop\Email-Sicherungen.lnk
[2012.10.24 19:42:12 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.10.24 19:42:12 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.10.24 15:14:15 | 000,056,617 | ---- | M] () -- C:\Users\---User---\Downloads\Desktop\Terminbestätigung - Essenheimerstr. 23, 55128 Mainz, Bretzenheim - Freitag, den 26.10.2012 um 17.00 Uhr - Re. Anfrage zu Ihrem Objekt 832.105.pdf
[2012.10.21 21:56:09 | 000,001,432 | R--- | M] () -- C:\Windows\MeineTraffic_Uninstall.in
[2012.10.19 10:09:07 | 000,117,888 | ---- | M] (Mobile Connector) -- C:\Windows\SysNative\drivers\cmnsusbser.sys
[2012.10.19 10:09:06 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_seramd.sys
[2012.10.19 10:09:06 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_ser32.sys
[2012.10.19 10:09:06 | 000,101,056 | ---- | M] () -- C:\Windows\SysNative\drivers\dvb_nova_12mhz_b0.inp
[2012.10.19 10:09:06 | 000,092,456 | ---- | M] () -- C:\Windows\SysNative\drivers\isdbt_nova_12mhz_b0.inp
[2012.10.19 10:09:06 | 000,079,036 | ---- | M] () -- C:\Windows\SysNative\drivers\tdmb_nova_12mhz_b0.inp
[2012.10.19 10:09:06 | 000,063,648 | ---- | M] (Siano) -- C:\Windows\SysNative\drivers\smsbda.sys
[2012.10.19 10:09:06 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\drivers\smsbda.cfg
[2012.10.19 10:09:05 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_netamd.sys
[2012.10.19 10:09:05 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_net32.sys
[2012.10.13 15:15:16 | 000,000,739 | ---- | M] () -- C:\Users\---User---\Downloads\Desktop\myMeditation.m3u
[1 C:\Users\---User---\Downloads\Desktop\*.tmp files -> C:\Users\---User---\Downloads\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.27 13:48:20 | 000,000,000 | ---- | C] () -- C:\Users\---User---\defogger_reenable
[2012.10.27 12:51:56 | 006,661,044 | ---- | C] () -- C:\Users\---User---\Downloads\Desktop\video.flv
[2012.10.27 12:16:19 | 000,070,692 | ---- | C] () -- C:\Users\---User---\Downloads\Desktop\Erbenheim - Kreuzberger Ring 25c mit WBS-Hessen, Terrassenwohnung - PROVISIONSFREI! Top-Neubau-Wohnung mit großer Terrasse & Laminat!.pdf
[2012.10.25 17:01:20 | 000,001,185 | ---- | C] () -- C:\Users\---User---\Downloads\Desktop\Email-Sicherungen.lnk
[2012.10.24 15:14:13 | 000,056,617 | ---- | C] () -- C:\Users\---User---\Downloads\Desktop\Terminbestätigung - Essenheimerstr. 23, 55128 Mainz, Bretzenheim - Freitag, den 26.10.2012 um 17.00 Uhr - Re. Anfrage zu Ihrem Objekt 832.105.pdf
[2012.10.21 21:56:09 | 000,001,432 | R--- | C] () -- C:\Windows\MeineTraffic_Uninstall.in
[2012.10.19 10:09:29 | 000,079,036 | ---- | C] () -- C:\Windows\SysNative\drivers\tdmb_nova_12mhz_b0.inp
[2012.10.19 10:09:28 | 000,101,056 | ---- | C] () -- C:\Windows\SysNative\drivers\dvb_nova_12mhz_b0.inp
[2012.10.19 10:09:28 | 000,092,456 | ---- | C] () -- C:\Windows\SysNative\drivers\isdbt_nova_12mhz_b0.inp
[2012.10.19 10:09:28 | 000,000,040 | ---- | C] () -- C:\Windows\SysNative\drivers\smsbda.cfg
[2012.10.13 15:15:16 | 000,000,739 | ---- | C] () -- C:\Users\---User---\Downloads\Desktop\myMeditation.m3u
[2012.10.13 11:09:21 | 000,061,500 | ---- | C] () -- C:\Users\---User---\Downloads\Desktop\1280-3234623539653130.jpg
[2012.10.13 11:09:21 | 000,024,856 | ---- | C] () -- C:\Users\---User---\Downloads\Desktop\57140767e4fbd44da59d137aea791f00.jpg
[2012.07.02 20:24:30 | 005,746,780 | ---- | C] ( ) -- C:\Windows\SysWow64\RTKISDBT.dll
[2012.01.03 13:31:18 | 000,000,734 | ---- | C] () -- C:\Users\---User---\AppData\Roaming\AtomicAlarmClock.ini
[2012.01.03 13:24:18 | 000,000,553 | ---- | C] () -- C:\Users\---User---\AppData\Roaming\FreeDesktopClock.ini
[2011.12.30 11:24:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.08.28 20:39:28 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.25 10:08:47 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.08.25 10:08:47 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.08.22 14:21:58 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.08.02 20:10:13 | 000,000,000 | ---- | C] () -- C:\Users\---User---\AppData\Local\{92262184-093E-4754-887A-E59BA244549C}
[2011.07.21 19:06:05 | 000,000,017 | ---- | C] () -- C:\Users\---User---\AppData\Local\resmon.resmoncfg
[2010.05.12 09:42:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.06.24 14:06:10 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\Ad-Aware Antivirus
[2011.12.31 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\Ashampoo
[2012.07.02 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012.10.27 10:24:54 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\Dropbox
[2012.10.04 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\DVDVideoSoft
[2012.06.26 18:12:20 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.21 20:48:19 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\Efficient Diary
[2012.06.18 06:08:09 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\Epson
[2012.01.02 16:26:31 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\HTC
[2012.01.02 16:02:01 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.01.02 17:37:28 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\IrfanView
[2012.10.21 21:56:15 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\Meine Traffic
[2012.10.26 15:45:09 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\Outlook
[2012.10.22 20:25:30 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\pdfforge
[2012.06.25 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\Windows Live Writer
[2012.10.19 13:41:38 | 000,000,000 | ---D | M] -- C:\Users\---User---\AppData\Roaming\XSManager

========== Purity Check ==========



< End of report >

27.10.2012, 21:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? => http://www.trojaner-board.de/125889-...tml#post941520

Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

__________________

28.10.2012, 09:50   #3
Moguntiacum

Hello cosinus,

first of all, thank you very much for your help.

Here, after some searching, is the 2nd log that was written, with a usable message. -

Sorry, I must have accidentally deleted the files in question from quarantine.

I hope the following log file provides the required information and that I am not making things even more complicated than they already are.

- I may not be able to answer/respond over the next 2-3 days,
because I have to change my internet access (the new mobile broadband stick I ordered has not arrived yet).
I will then inevitably be offline for that long. -

Best regards
Moguntiacum


Code:
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
---User--- :: ---MY_COMPUTER---PC [Administrator]

Schutz: Aktiviert

15.10.2012 11:35:30
mbam-log-2012-10-15 (11-35-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 337371
Laufzeit: 36 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\Win7 Treiber\Driver Samsung ML-4600 for Win7\installer_driver_samsung_ml-4600_laser_3_02_Deutsch.exe (Trojan.Toggle) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\Software\Driver Samsung ML-4600 for Win7\installer_driver_samsung_ml-4600_laser_3_02_Deutsch.exe (Trojan.Toggle) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
__________________

28.10.2012, 12:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Sorry, but with illegal software, the only help available here is with backing up data + reinstalling Windows.

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally obtained software, we will end support without any discussion.

Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. In addition, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff: cracks/keygens/serials
__________________
Please always post log files in CODE tags
