Bundestrojaner (windows7) komme nicht mehr weiter

Kaipi · 06.07.2013, 15:42

so, musste es doch nochmal durchlaufen lassen.

und hier das Ergebnis:

Code:

ATTFilter

ComboFix 13-07-06.03 - Kai und Anna 06.07.2013  16:27:04.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2916 [GMT 2:00]
ausgeführt von:: c:\users\Kai und Anna\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Kai und Anna\AppData\Local\.#
c:\users\Kai und Anna\AppData\Roaming\.#
c:\users\Kai und Anna\AppData\Roaming\.#\MBX@EA8@2112770.###
c:\users\Kai und Anna\AppData\Roaming\.#\MBX@EA8@21127A0.###
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\ir41_qc.dll.new00
c:\windows\SysWow64\ir41_qcx.dll.new00
c:\windows\SysWow64\ir50_qc.dll.new00
c:\windows\SysWow64\ir50_qcx.dll.new00
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\UNWISE.EXE
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-06 bis 2013-07-06  ))))))))))))))))))))))))))))))
.
.
2013-07-06 14:35 . 2013-07-06 14:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-06 06:59 . 2013-07-06 12:33	--------	d-----w-	C:\FRST
2013-07-05 19:24 . 2013-07-05 19:24	--------	d-----w-	C:\Bücher
2013-07-05 18:57 . 2013-07-05 18:57	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-05 18:56 . 2013-07-05 18:56	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-07-01 17:39 . 2013-07-05 19:23	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-05 18:49 . 2009-11-22 15:12	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-07-05 18:45 . 2013-05-13 06:57	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-07-01 17:00 . 2012-07-16 06:28	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-01 17:00 . 2012-07-16 06:28	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-15 18:11 . 2013-04-15 18:11	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-15 18:11 . 2013-04-15 18:11	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-15 18:11 . 2013-04-15 18:11	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-13 05:49 . 2013-05-25 20:36	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-25 20:36	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-25 20:36	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-25 20:36	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-25 20:36	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-25 20:36	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 10:41	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-25 20:36	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-25 20:36	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-25 20:36	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\spiele\Electronic Arts\EADM\Core.exe" [BU]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [BU]
"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-22 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NPSStartup"="" [BU]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-05 345144]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-10-11 1380504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
R2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
R2 gupdate1cadd34a9973a19;Google Update Service (gupdate1cadd34a9973a19);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 17:00]
.
2013-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 07:15]
.
2013-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 07:15]
.
2013-05-01 c:\windows\Tasks\Norton Security Scan for Kai und Anna.job
- c:\progra~2\NORTON~2\Engine\372~1.10\Nss.exe [2013-01-15 07:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Kai und Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EA Download Manager - c:\spiele\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-Hardlock Gerätetreiber - c:\windows\system32\UNWISE.EXE
AddRemove-{9658164A-D7E9-4D47-8541-10ABFF15C5B7}_is1 - c:\spiele\Diner Dash 5 BOOM Sammleredition\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2230038569-1755021875-2764227553-1001\Software\SecuROM\License information*]
"datasecu"=hex:6e,6d,c6,d3,c2,93,22,14,0b,e4,51,07,4a,22,08,27,e7,84,12,98,76,
   62,a6,ee,d0,2a,83,9a,ce,dd,82,8f,e4,25,9d,e7,e2,42,f1,8b,a8,81,52,ac,0b,04,\
"rkeysecu"=hex:c3,b4,f5,2a,13,6c,13,36,f6,f2,3c,d2,20,b5,6c,14
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-06  16:37:56
ComboFix-quarantined-files.txt  2013-07-06 14:37
.
Vor Suchlauf: 9.014.849.536 Bytes frei
Nach Suchlauf: 8.737.779.712 Bytes frei
.
- - End Of File - - 2A644B591633F63F4B2851618917DA0B
5C616939100B85E558DA92B899A0FC36

markusg · 06.07.2013, 15:54

Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Kaipi · 06.07.2013, 21:36

jetzt kommen die Ergebnisse

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Kai und Anna :: KAIUNDANNA-PC [Administrator]

06.07.2013 19:06:59
mbam-log-2013-07-06 (19-06-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 534622
Laufzeit: 2 Stunde(n), 15 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\FRST\Quarantine.rar (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\b34btbztdb0vavaw.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai und Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4b4e519c-34a6ffa4 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 06.07.2013, 21:37

Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Kaipi · 06.07.2013, 22:08

bin mir bei einigen nicht sicher, was das ist ?

Code:

ATTFilter

Acer Arcade Deluxe	CyberLink Corp.	02.09.2009	96,4MB	3.0.6731								unbekannt
Acer Backup Manager	NewTech Infosystems	22.08.2009	23,1MB	2.0.0.22							unbekannt
Acer Crystal Eye Webcam	Suyin Optronics Corp	02.09.2009		5.2.7.1								unbekannt
Acer ePower Management	Acer Incorporated	02.09.2009		4.05.3002							unbekannt
Acer eRecovery Management	Acer Incorporated	22.08.2009		4.05.3002						unbekannt
Acer GameZone Console	Oberon Media, Inc.	22.08.2009		5.1.0.2								unbekannt
Acer GridVista	Acer Inc.	02.09.2009		3.01.0730									unbekannt
Acer Registration	Acer Incorporated	02.09.2009		1.02.3004							unbekannt
Acer ScreenSaver	Acer Incorporated	02.09.2009		1.7.0715							unbekannt
Acer Updater	Acer Incorporated	21.08.2009		1.01.3014								unbekannt
Acrobat.com	Adobe Systems Incorporated	21.08.2009	1,60MB	1.6.65								notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	01.07.2013	6,00MB	11.7.700.224					notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	01.07.2013	6,00MB	11.7.700.224					notwendig
Adobe Reader 9.4.5 MUI	Adobe Systems Incorporated	18.06.2011	656MB	9.4.5							notwendig
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	15.01.2013		11.6.8.638						notwendig
Apple Application Support	Apple Inc.	16.01.2013	65,0MB	2.3.2								notwendig
Apple Mobile Device Support	Apple Inc.	16.01.2013	25,1MB	6.0.1.3								notwendig
Apple Software Update	Apple Inc.	18.10.2011	2,38MB	2.1.3.127								notwendig
ArcSoft Print Creations	ArcSoft	04.08.2011		3.0.255.407									unbekannt
ArcSoft Print Creations - Album Page	ArcSoft	04.08.2011										unbekannt
ArcSoft Print Creations - Photo Book	ArcSoft	04.08.2011										unbekannt
ArcSoft TotalMedia HDCam	ArcSoft	04.08.2011		2.0.2.38								unbekannt
Avira Free Antivirus	Avira	05.07.2013	124MB	13.0.0.3737									notwendig
Biet-O-Matic v2.14.6	BOM Development Team	14.09.2010		Biet-O-Matic v2.14.6						unnötig					
Biet-O-Matic v2.14.8	BOM Development Team	10.03.2012	6,83MB	2.14.8								unnötig					
Bonjour	Apple Inc.	18.10.2011	2,00MB	3.0.0.10										unbekannt
Broadcom Gigabit NetLink Controller	Broadcom Corporation	21.08.2009	460KB	12.26.02					unbekannt
Brother MFL-Pro Suite MFC-490CW	Brother Industries, Ltd.	18.11.2010		1.0.1.0						notwendig
CCleaner	Piriform	19.06.2013		4.03										notwendig
CDBurnerXP	CDBurnerXP	01.11.2012	12,2MB	4.4.2.3442									notwendig
CIB pdf brewer	CIB software GmbH	02.12.2011	67,6MB	2.6.0047								unnötig					
Coby Media Manager	Coby	28.07.2012	99,5MB	1.0.4717									unnötig				
Compatibility Pack für 2007 Office System	Microsoft Corporation	14.01.2013	281MB	12.0.6612.1000				notwendig
Das Wein-Imperium		26.11.2009												unnötig					
DIE SIEDLER - Aufstieg eines Königreichs	Ubisoft	26.11.2009		1.00.0000						notwendig
DIE SIEDLER - Das Erbe der Könige	Blue Byte	24.06.2011		1.00.0000						notwendig
Die*Sims™*3	Electronic Arts	19.06.2011		1.0.615										unnötig					
Diner Dash 5 BOOM Sammleredition Version 1.0.1.302	My Company, Inc.	13.06.2011	131MB	1.0.1.302			unnötig					
Dream Day First Home	Oberon Media	02.09.2009											unnötig					
EA Download Manager	Electronic Arts, Inc.	23.01.2010		6.0.0.100							unnötig					
EA Download Manager UI	Electronic Arts	23.01.2010		6.0.0.100								unnötig					
eBay Worldwide	OEM	21.11.2009	100KB	2.1.0703										unbekannt
ElsterFormular	Landesfinanzdirektion Thüringen	01.01.2013		13.3.0.9066							unnötig					
eSobi v2	esobi Inc.	21.08.2009	20,4MB	2.0.4.000274									unbekannt
Fashion Craze Deluxe		26.11.2009												unnötig					
Free YouTube to MP3 Converter version 3.11.34.1015	DVDVideoSoft Ltd.	01.11.2012	60,9MB	3.11.34.1015			notwendig
FUSSBALL MANAGER 10	Electronic Arts	15.12.2009		2.0.0.4									unnötig					
Gigaset QuickSync	Gigaset Communications GmbH	12.08.2011	3,16MB	6.1.0822.15063						unbekannt
Google Chrome Frame	Google Inc.	15.01.2013		27.0.1453.116								unnötig							
Hardlock Gerätetreiber		13.08.2010												unbekannt		
iCloud	Apple Inc.	16.01.2013	81,9MB	2.1.1.3											notwendig
Identity Card	Acer Incorporated	02.09.2009		1.00.3001								unbekannt
Intel® Matrix Storage Manager	Intel Corporation	02.09.2009									unbekannt		
iTunes	Apple Inc.	16.01.2013	191MB	11.0.1.12										notwendig
Java 7 Update 9	Oracle	18.09.2012	128MB	7.0.90											notwendig
Java 7 Update 9 (64-bit)	Oracle	17.10.2012	127MB	7.0.90									notwendig
Java(TM) 6 Update 31	Oracle	19.04.2012	95,1MB	6.0.310										notwendig
JavaFX 2.1.1	Oracle Corporation	26.06.2012	20,8MB	2.1.1									notwendig
JDownloader	AppWork UG (haftungsbeschränkt)	11.08.2010										unnötig					
Launch Manager	Acer Inc.	02.09.2009		3.0.01										unbekannt
LSI HDA Modem	LSI Corporation	02.09.2009	16,0KB	2.1.94										unbekannt
Luka		18.02.2010														unnötig					
Luxor 5th Passage	MumboJumbo	15.06.2011		1.1.0.0									unnötig					
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	06.07.2013	19,2MB	1.75.0.1300			notwendig
McAfee Security Scan Plus	McAfee, Inc.	09.03.2013	10,2MB	3.0.318.3							notwendig
Media Go	Sony	31.12.2011	99,0MB	2.0.317											unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	29.12.2011	38,8MB	4.0.30320				unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	29.12.2011	2,93MB	4.0.30320		unbekannt
Microsoft Office Enterprise 2007	Microsoft Corporation	04.03.2012		12.0.6612.1000					unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	16.09.2011	7,95MB	14.0.5130.5003					unbekannt
Microsoft Office Home and Student 2007	Microsoft Corporation	04.03.2012		12.0.6612.1000					unbekannt
Microsoft Office Language Pack 2007 - German/Deutsch	Microsoft Corporation	29.02.2012		12.0.6612.1000			unbekannt
Microsoft Office Live Add-in 1.5	Microsoft Corporation	19.04.2012	508KB	2.0.4024.1					unbekannt
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	14.01.2013	41,1MB	12.0.6612.1000			unbekannt
Microsoft Office Suite Activation Assistant	Microsoft Corporation	22.08.2009	8,36MB	2.9					unbekannt
Microsoft Silverlight	Microsoft Corporation	20.03.2013	100MB	5.1.20125.0							unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	02.09.2009	1,72MB	3.1.0000				unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	22.11.2009	250KB	8.0.50727.4053	unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	300KB	8.0.59193				unbekannt
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	31.12.2011	2,64MB	8.0.51011			unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	15.04.2011	598KB	9.0.30729.5570	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	25.12.2010	1,42MB	9.0.21022		unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	28.04.2011	242KB	9.0.30729		unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	17.05.2010	596KB	9.0.30729.4148		unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	600KB	9.0.30729.6161		unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	26.10.2011	12,2MB	10.0.40219		unbekannt
Microsoft Works	Microsoft Corporation	11.10.2012	1,34GB	9.7.0621								unbekannt
Microsoft WSE 3.0 Runtime	Microsoft Corp.	19.06.2011	942KB	3.0.5305.0							unbekannt
Move Media Player	Move Networks	28.04.2010											unbekannt
Mozilla Firefox 16.0.2 (x86 de)	Mozilla	01.11.2012	86,3MB	16.0.2									notwendig
Mozilla Maintenance Service	Mozilla	05.07.2013	333KB	17.0.6									notwendig
Mozilla Thunderbird 17.0.6 (x86 de)	Mozilla	05.07.2013	43,3MB	17.0.6								notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	22.11.2009	1,27MB	4.20.9870.0						unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.11.2009	1,33MB	4.20.9876.0						unbekannt
MyMicroBalance	Trusted Bytes Softwareentwicklung e.U.	28.09.2011	21,1MB	2.5.2							unnötig					
MyWinLocker	Egis Technology Inc.	22.08.2009	47,9MB	3.1.72.0								unbekannt
Nanny 911		22.12.2009													unnötig
Norton Online Backup	Symantec	21.08.2009	2,09MB	1.2.0.36								notwendig
Norton Security Scan	Symantec Corporation	15.01.2013		3.7.2.10							notwendig
NTI Backup Now 5	NewTech Infosystems	21.08.2009	465MB	5.1.2.627							notwendig
NTI Media Maker 8	NewTech Infosystems	21.08.2009	768MB	8.0.12.6619							notwendig
NVIDIA Drivers	NVIDIA Corporation	02.09.2009		1.5									notwendig
NVIDIA PhysX	NVIDIA Corporation	02.09.2009	119MB	9.09.0203								notwendig
PhotoFiltre		28.04.2010													notwendig
Picasa 3	Google, Inc.	24.03.2013		3.9										notwendig
PlayStation(R)Store	Sony Computer Entertainment Inc.	31.12.2011	5,54MB	4.5.16.13625					unnötig
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	28.09.2011		11.0.0.14					unbekannt
QuickTime	Apple Inc.	28.11.2012	73,1MB	7.73.80.64									notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	02.09.2009		6.0.1.5911				unbekannt
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	21.08.2009		6.1.7100.30093					unbekannt
Samsung New PC Studio	Samsung Electronics Co., Ltd.	27.12.2009	198MB	1.00.0000						unnötig
SamsungConnectivityCableDriver	Samsung	27.12.2009	741KB	6.83.6.2.1								unnötig
Sweet Home 3D version 3.7	eTeks	14.01.2013	99,6MB										unnötig
Synaptics Pointing Device Driver	Synaptics Incorporated	02.09.2009		13.2.2.0					unnötig
Tinypic 3.14	E. Fiedler	04.07.2010		Tinypic 3.14									unnötig
Ubisoft Game Launcher	UBISOFT	25.12.2010		1.0.0.0										unnötig
VTech Download Manager	VTech	27.12.2011												unnötig
WBFS Manager 3.0	AlexDP	01.12.2009		3.0										notwendig
Wedding Dash 4 Ever Version 1.0.1.174	DELiGHT	17.06.2011	56,7MB	1.0.1.174							unnötig
Welcome Center	Acer Incorporated	02.09.2009		1.00.3005								unbekannt
Wimpomat 2.7	Andreas Soraru	10.02.2010												unbekannt		
Windows Live Anmelde-Assistent	Microsoft Corporation	02.09.2009	1,93MB	5.000.818.5						unbekannt
Windows Live Essentials	Microsoft Corporation	02.09.2009		14.0.8064.0206							unbekannt
Windows Live Sync	Microsoft Corporation	02.09.2009	2,79MB	14.0.8064.206							unbekannt
Windows Live-Uploadtool	Microsoft Corporation	02.09.2009	224KB	14.0.8014.1029							unbekannt
WinRAR		23.11.2009														notwendig
WISO Sparbuch 2010	Buhl Data Service GmbH	26.01.2012		17.00.6531							notwendig
WISO Steuer-Sparbuch 2011	Buhl Data Service GmbH	11.10.2012		18.00.6928						notwendig
WISO Steuer-Sparbuch 2012	Buhl Data Service GmbH	11.10.2012		19.00.7303						notwendig
Zuma Deluxe		13.09.2010													unnötig
Zylom Games Player Plugin	Zylom Games	07.06.2011										unnötig
µTorrent		06.06.2011		2.2.1											unnötig

markusg · 06.07.2013, 22:19

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Biet-O: beide
CIB
Coby
Das Wein
Die*
Diner
Dream
EA : beide
eBay
ElsterFormular
eSobi
Fashion
FUSSBALL
Google
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
JDownloader
McAfee : kann weg
Luka
Luxor
Move
MyMicroBalance
Nanny
Norton Security : kann weg
PlayStation
Samsung : beide
Sweet
Tinypic
Ubisoft
VTech
Wedding
Wimpomat
Windows Live : alle für dich unnötigen
Zuma
Zylom
µTorrent
Öffne Ccleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Kaipi · 06.07.2013, 23:00

habe alles erledigt :

Code:

ATTFilter

# AdwCleaner v2.304 - Datei am 06/07/2013 um 23:56:35 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Kai und Anna - KAIUNDANNA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kai und Anna\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\KAIUND~1\AppData\Local\Temp\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Kai und Anna\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [13690 octets] - [06/07/2013 09:04:18]
AdwCleaner[S1].txt - [13753 octets] - [06/07/2013 09:04:59]
AdwCleaner[S2].txt - [1131 octets] - [06/07/2013 23:56:35]

########## EOF - C:\AdwCleaner[S2].txt - [1191 octets] ##########

markusg · 06.07.2013, 23:03

Hi,
Na, das is doch schon mal was. :-)
HitmanPro - Download - Filepony
Bitte lade dir Hitmanpro, klicke auf Scan, lösche nichts.
Klicke auf weiter, dann Log speichern und posten, bzw als XML exportieren, packen und anhängen

Kaipi · 06.07.2013, 23:21

das kam vom hitman:

Code:

ATTFilter

HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : KAIUNDANNA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : KaiundAnna-PC\Kai und Anna
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-07 00:11:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1903

   Objects scanned . . . : 1.795.018
   Files scanned . . . . : 35.394
   Remnants scanned  . . : 539.421 files / 1.220.203 keys

Suspicious files ____________________________________________________________

   C:\AnnaSpiele\FashionCrazeDeluxe.exe
      Size . . . . . . . : 1.307.976 bytes
      Age  . . . . . . . : 1454.3 days (2009-07-13 16:54:09)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7B08389C57B6FE0809747E79F273B89DE48A51249683050119C9EC4895E2AF34
      RSA Key Size . . . : 1024
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 34.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      References
         C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fashion Craze Deluxe\Fashion Craze Deluxe.lnk
         C:\Users\Kai und Anna\Desktop\Fashion Craze Deluxe.lnk


Potential Unwanted Programs _________________________________________________

   C:\Users\Default User\AppData\Local\AskToolbar\ (AskBar)
   C:\Users\Default\AppData\Local\AskToolbar\ (AskBar)
   C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\ (AskBar)
   C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\avira.inf (AskBar)
   C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraIDW.dll (AskBar)
      Size . . . . . . . : 890.832 bytes
      Age  . . . . . . . : 677.1 days (2011-08-29 22:04:48)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : C0DC125576036B049C689B759420D1A8F80EB85B0342354485C3605FD50E40B7
      Product  . . . . . : Avira Addon
      Publisher  . . . . : Ask.com
      Description  . . . : Avira Addon
      Version  . . . . . : 1.0.2.1000
      Copyright  . . . . : Copyright © 2009 Ask.com, All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKU\.DEFAULT\Software\Ask.com\ (AskBar)
   HKU\.DEFAULT\Software\AskToolbar\ (AskBar)
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-18\Software\Ask.com\ (AskBar)
   HKU\S-1-5-18\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)

Cookies _____________________________________________________________________

   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\04UFR0QP.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\0LKRVD85.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\0ZMK4WZ2.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\1T1UCLU9.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\8UHII7EZ.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\9JLGW86O.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\CBAECMDH.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\EV4J1MWW.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\F43KNF15.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\HXI144PE.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\KH8AKA1J.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\LFM0UTAF.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\LKKWH0Y5.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\Q4S2SB8O.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\RDS0N96A.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\SL2TD9T7.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\VX6MKHVD.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\YM2137V6.txt
   C:\Users\Kai und Anna\AppData\Roaming\Microsoft\Windows\Cookies\YX57NXVL.txt
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:112.2o7.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.123-template.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.360yield.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.adc-serv.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.adition.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.adnet.de
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.dyntracker.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.dyntracker.de
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ad.zanox.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:adbrite.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ads.webme.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:adtech.de
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:advertising.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:adviva.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:apmebf.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:atdmt.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:c.atdmt.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:c1.atdmt.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:casalemedia.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:content.yieldmanager.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:doubleclick.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:eas.apm.emediate.eu
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:emjcd.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:fastclick.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:guj.122.2o7.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:invitemedia.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:lego.112.2o7.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:media6degrees.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:mediaplex.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:mm.chitika.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:nuon.112.2o7.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:revsci.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ru4.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:serving-sys.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:smartadserver.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:specificclick.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:stat.dealtime.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:stat.vattenfall.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:statcounter.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:stats.paypal.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:stats.signal-iduna.de
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:track.adform.net
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:track.effiliation.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:tradedoubler.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:ww251.smartadserver.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:www.etracker.de
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:xiti.com
   C:\Users\Kai und Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8hlqw5i6.default\cookies.sqlite:yieldmanager.net

markusg · 06.07.2013, 23:40

bitte schließe alle Browser, starte hitmanpro, lösche alles außer die unter der Kategorie aufgeführetn Dateien:
Suspicious files
Neustarten.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Kaipi · 07.07.2013, 00:22

otl.txt

Code:

ATTFilter

OTL logfile created on: 07.07.2013 00:55:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kai und Anna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,24% Memory free
7,99 Gb Paging File | 6,64 Gb Available in Paging File | 83,08% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 10,16 Gb Free Space | 2,24% Space Free | Partition Type: NTFS
 
Computer Name: KAIUNDANNA-PC | User Name: Kai und Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.07 00:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kai und Anna\Desktop\OTL.exe
PRC - [2013.07.05 20:45:36 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.05 20:45:21 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.07.05 20:45:18 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.07.05 20:45:18 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.26 21:12:21 | 001,380,504 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.08.22 05:49:04 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.21 02:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.07 11:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.07 11:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 23:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.08.04 21:45:00 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.27 18:31:25 | 002,016,920 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2012.11.27 13:03:04 | 007,959,704 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2012.11.26 21:13:17 | 002,993,816 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2012.11.26 21:13:05 | 004,544,664 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2012.11.26 21:12:36 | 001,651,864 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2012.11.26 21:12:34 | 001,551,000 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2012.11.26 21:12:32 | 000,319,640 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2012.11.26 21:12:29 | 000,275,096 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2012.11.26 21:12:21 | 001,380,504 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2012.11.26 21:12:15 | 000,135,832 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2012.11.26 21:12:12 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2012.11.26 20:46:17 | 000,866,816 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2012.01.25 11:01:03 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2011.11.04 13:47:18 | 000,271,872 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2011.11.04 13:47:16 | 011,163,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2011.11.04 13:47:14 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2011.11.04 13:47:12 | 001,340,416 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2011.11.04 13:47:12 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2011.11.04 13:47:10 | 008,934,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2011.11.04 13:47:10 | 002,395,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2011.11.04 13:47:10 | 000,990,208 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.11.04 13:47:10 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2011.11.04 13:47:08 | 002,356,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.07 00:11:41 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.07.06 23:49:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.05 20:45:36 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.05 20:45:21 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.07.05 20:45:18 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.07.01 19:39:57 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.07 11:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.05 21:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.03.28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.15 20:11:27 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.15 20:11:27 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.15 20:11:27 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.24 14:45:42 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.12.24 23:47:22 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.12.24 23:47:22 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.20 13:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.19 06:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.14 18:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.05.01 07:43:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.04.07 03:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.02.20 19:09:18 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV:64bit: - [2006.12.13 18:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2006.12.04 10:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE354DE354
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C7BA8270-248A-40A4-A815-6C1EF77E00E9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=85918184-0266-47fb-8e9d-e48dec13595c&apn_sauid=1AB24892-DE83-4497-8B1D-8F17963D0AF8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.atcomet.com/b/"
FF - prefs.js..extensions.enabledAddons: maps@ovi.com:5.9.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.06 23:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.06 23:51:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.06 23:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.06 23:41:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.06 23:51:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.06 23:41:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.09.02 08:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kai und Anna\AppData\Roaming\mozilla\Extensions
[2010.09.02 08:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kai und Anna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.07.06 09:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kai und Anna\AppData\Roaming\mozilla\Firefox\Profiles\8hlqw5i6.default\extensions
[2011.08.09 13:52:09 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Kai und Anna\AppData\Roaming\mozilla\Firefox\Profiles\8hlqw5i6.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.04.23 10:35:07 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Kai und Anna\AppData\Roaming\mozilla\Firefox\Profiles\8hlqw5i6.default\extensions\maps@ovi.com
[2012.03.05 16:40:50 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\Kai und Anna\AppData\Roaming\mozilla\firefox\profiles\8hlqw5i6.default\extensions\maps@ovi.com\plugins\package.XPI
[2012.10.31 16:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.31 16:35:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.09 06:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012.06.08 15:26:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.18 08:42:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.08 15:26:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 15:26:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 15:26:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 15:26:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2013.07.06 15:38:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKCU..\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\spiele\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kai und Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kai und Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DK/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD263D5E-D9F7-4326-8C2C-D1DF5D7C5465}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEEE12E0-3A39-4EA7-854A-DF3C9FB965E5}: DhcpNameServer = 192.168.0.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.07 00:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kai und Anna\Desktop\OTL.exe
[2013.07.07 00:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.07.07 00:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.07.07 00:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.07.06 23:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.06 22:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.07.06 22:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.07.06 17:24:41 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013.07.06 16:40:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.06 16:37:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.06 15:10:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.06 15:10:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.06 15:10:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.06 15:10:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.06 15:10:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.06 15:09:43 | 005,086,173 | R--- | C] (Swearware) -- C:\Users\Kai und Anna\Desktop\ComboFix.exe
[2013.07.06 14:42:02 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kai und Anna\Desktop\tdsskiller.exe
[2013.07.06 08:59:52 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.05 21:24:29 | 000,000,000 | ---D | C] -- C:\Bücher
[2013.07.01 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.07 00:57:31 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 00:57:31 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 00:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kai und Anna\Desktop\OTL.exe
[2013.07.07 00:50:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.07 00:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.07 00:49:51 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.07 00:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.07 00:15:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.07 00:11:41 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.06 23:56:10 | 000,650,027 | ---- | M] () -- C:\Users\Kai und Anna\Desktop\adwcleaner.exe
[2013.07.06 23:51:20 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.06 22:42:48 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.06 19:06:15 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.06 16:46:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.06 16:46:46 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.06 16:46:46 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.06 16:46:46 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.06 16:46:46 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.06 15:38:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.06 15:10:00 | 005,086,173 | R--- | M] (Swearware) -- C:\Users\Kai und Anna\Desktop\ComboFix.exe
[2013.07.06 14:42:17 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kai und Anna\Desktop\tdsskiller.exe
[2013.07.05 20:58:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.05 20:58:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.05 20:45:39 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.07 00:11:41 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.06 23:55:55 | 000,650,027 | ---- | C] () -- C:\Users\Kai und Anna\Desktop\adwcleaner.exe
[2013.07.06 23:51:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.07.06 23:51:20 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.06 23:49:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.06 22:42:48 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.06 15:10:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.06 15:10:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.06 15:10:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.06 15:10:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.06 15:10:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.05 20:58:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.05 20:58:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.01.26 08:30:55 | 000,001,132 | ---- | C] () -- C:\Windows\wiso.ini
[2011.12.30 14:41:44 | 000,106,574 | ---- | C] () -- C:\Users\Kai und Anna\AppData\Roaming\Photo.jpg
[2011.12.27 16:32:16 | 000,000,581 | ---- | C] () -- C:\Users\Kai und Anna\AppData\Local\cookies.ini
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.09.28 09:07:29 | 000,001,570 | ---- | C] () -- C:\Users\Kai und Anna\AppData\Roaming\MyMicroBalanceConfig.ini
[2011.06.15 17:56:23 | 000,013,700 | ---- | C] () -- C:\Users\Kai und Anna\AppData\Local\slot1.mm1
[2010.12.03 19:18:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.27 13:36:03 | 000,002,528 | ---- | C] () -- C:\Users\Kai und Anna\AppData\Roaming\$_hpcst$.hpc
[2009.11.26 15:01:24 | 000,007,602 | ---- | C] () -- C:\Users\Kai und Anna\AppData\Local\Resmon.ResmonCfg
[2009.11.23 14:22:20 | 000,004,312 | ---- | C] () -- C:\Users\Kai und Anna\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.31 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Alawar
[2011.07.13 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\aliasworlds
[2010.10.11 07:25:07 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Ancient Quest of Saqqarah__intenium
[2011.02.04 12:14:44 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Audacity
[2013.01.24 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\BitComet
[2010.03.17 14:40:49 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\blg
[2013.07.06 23:24:29 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\BOM
[2012.01.26 08:28:57 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Buhl Data Service
[2012.11.01 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Canneverbe Limited
[2010.10.17 11:01:07 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\cerasus.media
[2012.07.28 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Coby
[2010.09.23 07:57:23 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\DAEMON Tools Lite
[2009.12.02 16:10:55 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\DeepBurner
[2012.11.01 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\DVDVideoSoft
[2009.12.28 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\EleFun Games
[2011.10.13 09:55:36 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\elsterformular
[2011.07.14 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Farm Mania 2.1
[2009.11.21 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\GameConsole
[2012.02.28 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Meridian93
[2009.12.22 16:52:45 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Merscom
[2010.03.27 17:25:22 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\MissTeriTale3
[2011.06.15 17:48:21 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\MumboJumbo
[2009.12.27 14:58:40 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\PC Suite
[2010.04.28 17:59:29 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\PhotoFiltre
[2011.06.17 13:13:43 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\PlayFirst
[2009.11.24 21:48:23 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\PowerCinema
[2012.10.04 08:49:00 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\ProtectDisc
[2011.12.29 18:22:52 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Samsung
[2010.05.19 10:20:47 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\ShinyTales
[2009.11.21 20:33:30 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\SoftDMA
[2011.12.31 11:49:04 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Sony
[2011.07.12 20:45:16 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\SulusGames
[2011.04.13 20:27:19 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Supermarket Mania 2
[2009.11.23 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Template
[2010.03.27 12:59:34 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\TheFixerUpper
[2010.09.02 08:46:30 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Thunderbird
[2009.12.25 00:04:49 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Ubisoft
[2009.11.26 21:50:57 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\UClick
[2010.02.10 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Wimpomat2
[2010.05.19 10:20:40 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Zylom
[2009.11.23 16:19:34 | 000,000,000 | ---D | M] -- C:\Users\Kai und Anna\AppData\Roaming\Zylom JanesZOO
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.07.06 16:40:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.05.12 10:16:55 | 000,000,000 | ---D | M] -- C:\2e8934c1a391660bf84129bc45088e
[2012.05.12 22:33:02 | 000,000,000 | ---D | M] -- C:\android
[2013.04.30 09:33:49 | 000,000,000 | ---D | M] -- C:\Anna Dokumente
[2011.05.25 21:57:24 | 000,000,000 | ---D | M] -- C:\anna krkhs
[2011.11.27 15:50:06 | 000,000,000 | ---D | M] -- C:\Annas Rezepte
[2013.07.06 23:35:55 | 000,000,000 | ---D | M] -- C:\AnnaSpiele
[2012.10.31 10:11:42 | 000,000,000 | ---D | M] -- C:\bilder
[2009.09.02 18:58:10 | 000,000,000 | ---D | M] -- C:\BOOK
[2009.08.22 12:23:06 | 000,000,000 | ---D | M] -- C:\Boot
[2013.07.05 21:24:53 | 000,000,000 | ---D | M] -- C:\Bücher
[2012.03.01 09:39:44 | 000,000,000 | ---D | M] -- C:\CandiSoft_Load!_0.7.2
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.21 20:24:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.14 10:19:26 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.05.25 17:18:42 | 000,000,000 | ---D | M] -- C:\dstt
[2009.11.21 20:29:04 | 000,000,000 | ---D | M] -- C:\elements
[2011.07.30 18:23:35 | 000,000,000 | ---D | M] -- C:\Fabians Bilder
[2013.01.28 10:36:50 | 000,000,000 | ---D | M] -- C:\fabians dokumente
[2011.12.21 10:35:37 | 000,000,000 | ---D | M] -- C:\filme
[2011.01.14 22:15:21 | 000,000,000 | ---D | M] -- C:\Fotos IPod
[2010.05.19 17:30:40 | 000,000,000 | ---D | M] -- C:\Fotos Wendy
[2013.07.06 22:34:59 | 000,000,000 | ---D | M] -- C:\FRST
[2009.08.22 07:15:26 | 000,000,000 | ---D | M] -- C:\Intel
[2012.05.19 18:08:20 | 000,000,000 | ---D | M] -- C:\Iphone
[2012.05.23 18:52:27 | 000,000,000 | ---D | M] -- C:\Iphone anna
[2012.10.17 19:47:44 | 000,000,000 | ---D | M] -- C:\kai
[2012.02.27 08:55:51 | 000,000,000 | ---D | M] -- C:\Kai Arbeit
[2012.05.28 10:51:31 | 000,000,000 | ---D | M] -- C:\mff
[2012.04.28 10:01:48 | 000,000,000 | ---D | M] -- C:\MP3
[2009.08.22 10:35:38 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.12.18 15:23:34 | 000,000,000 | ---D | M] -- C:\musik
[2012.10.04 16:37:30 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.07 00:11:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.06 23:43:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.07.07 00:11:03 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.11.21 20:24:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.05 20:14:57 | 000,000,000 | ---D | M] -- C:\psp
[2013.07.06 16:37:59 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.11.21 20:24:18 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.07.06 23:39:18 | 000,000,000 | ---D | M] -- C:\spiele
[2011.08.21 09:49:43 | 000,000,000 | ---D | M] -- C:\spiele anna
[2012.07.01 17:11:16 | 000,000,000 | ---D | M] -- C:\spiele ds
[2013.07.07 00:58:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.30 18:30:29 | 000,000,000 | ---D | M] -- C:\test
[2011.06.19 13:00:48 | 000,000,000 | ---D | M] -- C:\usb stick
[2009.11.21 20:24:25 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.28 10:12:03 | 000,000,000 | ---D | M] -- C:\wii
[2012.03.03 14:41:24 | 000,000,000 | ---D | M] -- C:\wii spiele
[2013.07.06 17:24:41 | 000,000,000 | ---D | M] -- C:\Windows
[2012.11.01 15:24:36 | 000,000,000 | ---D | M] -- C:\XP
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2011.08.12 17:24:15 | 000,495,616 | ---- | M] (Gigaset Communications GmbH) -- C:\Windows\system32\Gqstsp.tsp
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.04.16 09:27:53 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.04.16 09:27:53 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.07.06 23:49:34 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.07.07 00:58:10 | 002,883,584 | -HS- | M] () -- C:\Users\Kai und Anna\ntuser.dat
[2013.07.07 00:58:10 | 000,262,144 | -HS- | M] () -- C:\Users\Kai und Anna\ntuser.dat.LOG1
[2011.11.27 17:02:07 | 000,262,144 | -HS- | M] () -- C:\Users\Kai und Anna\ntuser.dat.LOG2
[2009.11.21 23:33:15 | 000,065,536 | -HS- | M] () -- C:\Users\Kai und Anna\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.11.21 23:33:15 | 000,524,288 | -HS- | M] () -- C:\Users\Kai und Anna\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.11.21 23:33:15 | 000,524,288 | -HS- | M] () -- C:\Users\Kai und Anna\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.06.05 09:30:35 | 000,065,536 | -HS- | M] () -- C:\Users\Kai und Anna\ntuser.dat{9bbf011f-8d24-11e0-a776-001e658dc030}.TM.blf
[2011.06.05 09:30:35 | 000,524,288 | -HS- | M] () -- C:\Users\Kai und Anna\ntuser.dat{9bbf011f-8d24-11e0-a776-001e658dc030}.TMContainer00000000000000000001.regtrans-ms
[2011.06.05 09:30:35 | 000,524,288 | -HS- | M] () -- C:\Users\Kai und Anna\ntuser.dat{9bbf011f-8d24-11e0-a776-001e658dc030}.TMContainer00000000000000000002.regtrans-ms
[2010.02.03 18:39:42 | 000,065,536 | -HS- | M] () -- C:\Users\Kai und Anna\NTUSER.DAT{ac982ec3-10e2-11df-a5f5-001e658dc030}.TM.blf
[2010.02.03 18:39:42 | 000,524,288 | -HS- | M] () -- C:\Users\Kai und Anna\NTUSER.DAT{ac982ec3-10e2-11df-a5f5-001e658dc030}.TMContainer00000000000000000001.regtrans-ms
[2010.02.03 18:39:42 | 000,524,288 | -HS- | M] () -- C:\Users\Kai und Anna\NTUSER.DAT{ac982ec3-10e2-11df-a5f5-001e658dc030}.TMContainer00000000000000000002.regtrans-ms
[2009.11.21 20:24:28 | 000,000,020 | -HS- | M] () -- C:\Users\Kai und Anna\ntuser.ini
[2011.03.09 15:22:48 | 000,000,000 | ---- | M] () -- C:\Users\Kai und Anna\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:18897B1D
@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:C7B98566
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EF5B3572
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:43E95997

< End of report >

Kaipi · 07.07.2013, 00:23

etra.txt

Code:

ATTFilter

OTL Extras logfile created on: 07.07.2013 00:55:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kai und Anna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,24% Memory free
7,99 Gb Paging File | 6,64 Gb Available in Paging File | 83,08% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 10,16 Gb Free Space | 2,24% Space Free | Partition Type: NTFS
 
Computer Name: KAIUNDANNA-PC | User Name: Kai und Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B1A57C-52E5-42A4-B51D-117F7818E806}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{0487642E-CC85-4E86-8209-A0F5829AA2DC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{181EE952-FDBB-4440-AA87-6A67A62CE2C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1A737202-3437-42C4-8E51-D206A96F2946}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1AC1A80D-1D47-4A69-ADD9-1751410D31F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2856C952-AB0C-458D-BEB4-86387EA610C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F7D45FD-F54A-46F5-B893-BF611C37E9EB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4837AA24-B372-4E2B-B4C9-905B7E5631EE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4AE7BF61-8E7B-4F8C-9373-F4AF72F1607E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BA0D324-3882-4E73-B6C0-F3083B780DB7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5455FEF0-D959-49EF-9789-D88F9B3A3EB9}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{662176CA-E0B1-4AAC-B5E9-7F0092DCA60E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{728443AB-05E5-4687-9143-C46B31FA85A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74665969-CC06-436F-9990-CF6AF38F16AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{81DDC158-7AB2-4EE0-B79A-BA812E5C23B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{94E93358-DBAD-4C27-964E-3A4D90CC78F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{96BA3064-F795-4FC4-9174-08832E832CB5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B1C644CB-C76B-47C3-A126-62591B5E849F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB315845-3E13-4795-AA04-3A75E4240EC6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C340C6F2-131F-425B-B71E-CF071E9505E8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D11EF1BD-F8CE-4455-B126-897963C1EEBB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E084241A-0255-404F-A410-FBC4C15F6D42}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EF4CC86F-BDEC-41F7-9E0F-0D189A69AB4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F0052241-D6DB-41EE-A7FF-3BFA026011D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F0813E5C-9D2D-48F2-931C-ACA62107CD2B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F73B6DE1-6D4F-4353-B77F-612D2D20CB7F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FAB005F3-3214-4588-B2E8-C83031E4393D}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01ECF697-D80C-46E8-B467-6EBD8F4C93D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{092DAEAA-DE2F-45C6-858F-8F2E72EA9BBD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09F68AE8-775E-48F6-97A1-C1D4C00190B6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0DB6F52F-2488-4615-B42D-CC238964C6BE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{14880233-4EF7-4F3B-B3FE-D89D08C8DA25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{197EACC3-92AC-462E-A336-814F0E906DA4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{1BE3566B-AF00-4F1F-9883-5E4C75E203F6}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08x\faxrx.exe | 
"{22DBCB0E-E98D-4D75-8E9F-8D5DD5756A0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F24A1D2-AC25-4969-8C8C-8F1C06B69D0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40BB2FFB-12E7-4B55-8323-C8609F3B9E8C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{419483B8-E53B-4670-B436-BD62DAEF765A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{45DB30E3-8014-4D7B-B8B6-EAB7F3E57DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{485DDBC8-A7B8-4D16-B748-B6860F2C59BA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4BD011D4-6B3D-485F-B1DD-0626119B9DD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5473ED50-65AA-45BD-AEEC-802F5C5A9F9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{709F98C6-1B56-469C-AA7C-7E33F537B2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{75C70BA4-13EE-46FA-B1D0-DC243CE791BE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{779D5BD0-953D-47CB-88C1-B2D4CD45D7F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82B4114C-0368-4345-815E-E0A29B513302}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{880E871A-DDA5-49E4-BCB7-893E1B755EA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{894B1E09-0D5E-4004-876E-F36A11A9F701}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{8956B780-0CBF-4C91-8172-BF4B4C509B5B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{917598CA-D7EE-400C-8AE1-632044DE69DC}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{9B8EE9EE-4849-4639-A67F-8F0D4B62514A}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"{9F29F65D-1EDC-4ABB-91E9-9DB330F63F01}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{A2EC913D-A295-46DC-806C-2DA004A21F16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A374E719-C281-49CC-851A-80EBDF82723F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{A5A48B92-8A06-46CC-AB98-D30EDF70F628}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{A79F837F-4EAE-48A7-9126-7A09159FA145}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC5590E5-CE29-46D2-8FB7-E5205A6E7567}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AE990F64-82D6-444C-8776-9065150D7F26}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{AFB65101-CD20-436C-A52C-BE12707A02D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B4FED496-16F3-4B9F-82A4-301C14895E03}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{B6BD2D0D-3324-4D28-8A84-1E7435F03084}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08x\faxrx.exe | 
"{BC4B1FF2-B7D2-4DBB-A81E-EFF60F0DCE51}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BF401319-FFC7-40D3-B34D-B813E785A41C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C0B9ACB7-291D-4A95-A36B-FC50C1005D5E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C0D2C281-243A-48ED-99E1-FE8B8E02791F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C2199FFA-7B6A-495D-8860-A85892CE2BC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8584B85-9CC5-4710-AB8A-DA6318109836}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"{C8DA8170-588B-43F7-B125-62BE621AFC9D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D55417A3-7143-4458-877C-2AFD6AB560CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D8AABB03-CA8D-478A-9763-5281D43A0491}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{D9DAA8FD-9B25-4F58-AEDC-5FA354D389F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E004B37D-0603-4931-8D11-63CE217C3D73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E2ED0E03-FA33-4CE6-80E7-DE9C03AC6974}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E4A3A374-1CF3-419B-940C-412C6B9E94E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E4C1D1B0-946C-41DA-BD4A-7AC912508DC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E53DAC7F-5FA4-40EA-B8A0-82A8EC5E2628}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{EEAC57E9-6392-44A5-B39C-37F18B0C9782}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F3C92902-4ADC-47F3-B69F-75964101B6FD}" = protocol=6 | dir=out | app=system | 
"{F876C9CB-BE3C-44E8-B265-6EA03BF7E48D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{FA86C1AA-64C7-4D5A-9796-6188CB92342F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"TCP Query User{13AA14FD-45A7-48D8-80CB-7BEE21990064}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"TCP Query User{488F041A-7831-4380-8831-EB72D09DB208}C:\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=c:\candisoft_load!_0.7.2\load.exe | 
"TCP Query User{9D72E9A8-5656-4D79-AEF7-FCCC9B6AAC93}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{F064A0EB-B814-41E2-913F-C607E6F51CFA}C:\program files (x86)\bitcomet\bitcomet_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet_x64.exe | 
"UDP Query User{23CE13BA-769A-432E-B2CB-45E6FE9D796C}C:\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=c:\candisoft_load!_0.7.2\load.exe | 
"UDP Query User{349517CA-0F89-4A19-A046-D57CCFFFE384}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"UDP Query User{AE7955AE-5AD8-42D5-980C-2B721216D8CE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E4EE7E9F-DA74-44B0-AD74-5773CEBC94D5}C:\program files (x86)\bitcomet\bitcomet_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet_x64.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2c2f4c57-83a8-4790-a281-e83d306a9199}" = Gigaset QuickSync
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A1DE746-F5D0-4A21-943B-39A3F243C32A}" = ArcSoft TotalMedia HDCam
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}" = ArcSoft Print Creations
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9658164A-D7E9-4D47-8541-10ABFF15C5B7}_is1" = Diner Dash 5 BOOM Sammleredition Version 1.0.1.302
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFG-Zuma Deluxe" = Zuma Deluxe
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"ElsterFormular 12.4.0.7094u" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GridVista" = Acer GridVista
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Luxor 5th Passage" = Luxor 5th Passage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nanny 911" = Nanny 911
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Das Wein-Imperium" = Das Wein-Imperiumuxe
"Fashion Craze Deluxe" = Fashion Craze Deluxe
"PhotoFiltre" = PhotoFiltre
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2013 12:13:19 | Computer Name = KaiundAnna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.07.2013 12:13:19 | Computer Name = KaiundAnna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 80476532
 
Error - 02.07.2013 12:13:19 | Computer Name = KaiundAnna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 80476532
 
Error - 05.07.2013 14:46:49 | Computer Name = KaiundAnna-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_InitScan konnte nicht geladen werden.  Fehlercode: 
0x2
 
Error - 05.07.2013 15:12:39 | Computer Name = KaiundAnna-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x65866c6a  ID des fehlerhaften
 Prozesses: 0x1300  Startzeit der fehlerhaften Anwendung: 0x01ce79b39c01e146  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\explorer.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: dbc3a063-e5a6-11e2-832d-001f16c4478b
 
Error - 06.07.2013 10:26:22 | Computer Name = KaiundAnna-PC | Source = VSS | ID = 18
Description = 
 
Error - 06.07.2013 10:26:22 | Computer Name = KaiundAnna-PC | Source = VSS | ID = 8193
Description = 
 
Error - 06.07.2013 10:26:22 | Computer Name = KaiundAnna-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 06.07.2013 17:25:31 | Computer Name = KaiundAnna-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514,
 Zeitstempel: 0x4ce792c4  Name des fehlerhaften Moduls: _is68F3.tmp, Version: 2.6.40.0,
 Zeitstempel: 0x4c8dbfd3  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00021960  ID des fehlerhaften
 Prozesses: 0xd68  Startzeit der fehlerhaften Anwendung: 0x01ce7a8f4a1c348a  Pfad der
 fehlerhaften Anwendung: C:\Windows\syswow64\MsiExec.exe  Pfad des fehlerhaften Moduls:
 C:\Users\KAIUND~1\AppData\Local\Temp\_is68F3.tmp  Berichtskennung: 95633c9b-e682-11e2-bc7c-001f16c4478b
 
Error - 06.07.2013 17:35:55 | Computer Name = KaiundAnna-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x65de17f8  ID des fehlerhaften
 Prozesses: 0x17b0  Startzeit der fehlerhaften Anwendung: 0x01ce7a90cbed1dd8  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\explorer.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 09d191d5-e684-11e2-bc7c-001f16c4478b
 
[ System Events ]
Error - 06.07.2013 10:35:12 | Computer Name = KaiundAnna-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 06.07.2013 10:38:12 | Computer Name = KaiundAnna-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.07.2013 10:38:12 | Computer Name = KaiundAnna-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.07.2013 10:40:34 | Computer Name = KaiundAnna-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 06.07.2013 10:44:37 | Computer Name = KaiundAnna-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80004004 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2834140)
 
Error - 06.07.2013 11:18:44 | Computer Name = KaiundAnna-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 06.07.2013 16:38:19 | Computer Name = KaiundAnna-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 06.07.2013 17:44:28 | Computer Name = KaiundAnna-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 06.07.2013 17:59:23 | Computer Name = KaiundAnna-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 06.07.2013 18:51:15 | Computer Name = KaiundAnna-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

Hallo Markus ,

Bin ich denn jetzt fertig oder muss ich noch was machen ?

Gruss Kai

markusg · 08.07.2013, 13:29

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKCU\..\SearchScopes\{C7BA8270-248A-40A4-A815-6C1EF77E00E9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=85918184-0266-47fb-8e9d-e48dec13595c&apn_sauid=1AB24892-DE83-4497-8B1D-8F17963D0AF8
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
No CLSID value found.
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kai und Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kai und Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
File not found
:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.