Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.07.2013, 11:32   #1
Andy1987x
 
Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! - Standard

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!



OTL logfile created on: 24.07.2013 12:14:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andy\Desktop\Neuer Ordner
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,19% Memory free
16,05 Gb Paging File | 13,65 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 211,18 Gb Free Space | 46,06% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 410,10 Gb Free Space | 89,46% Space Free | Partition Type: NTFS
Drive E: | 18,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANDY-PC | User Name: andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.24 12:13:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andy\Desktop\Neuer Ordner\OTL.exe
PRC - [2013.07.16 19:54:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.06.26 21:40:15 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.06.26 21:40:14 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013.06.26 21:40:13 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013.06.26 13:21:22 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.26 13:21:14 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.26 13:21:14 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\andy\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.13 17:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
PRC - [2012.10.04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.19 19:14:14 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\java.exe
PRC - [2011.05.17 09:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) -- C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.11.18 05:07:22 | 000,569,344 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
PRC - [2010.11.18 05:07:04 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010.10.29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
PRC - [2010.05.28 17:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009.01.12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.10.27 03:27:16 | 001,794,048 | ---- | M] (Edimax Technology Co.) -- C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe


========== Modules (No Company Name) ==========

MOD - [2013.07.16 19:54:48 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.06.26 21:40:16 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013.06.26 21:40:16 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013.06.26 21:40:15 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.10.13 17:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
MOD - [2008.12.22 09:50:28 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2008.11.21 13:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.07.16 19:54:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.26 21:40:14 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013.06.26 13:21:22 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.26 13:21:14 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.12 15:21:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.07 15:54:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.08.23 15:40:04 | 000,188,760 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.01.24 12:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2011.08.01 18:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.06.14 14:57:29 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.05.17 09:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.28 17:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.01 12:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.05.12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.26 21:40:16 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.29 23:27:18 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 23:27:18 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 23:27:18 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.21 12:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.04 16:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011.05.23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011.04.05 21:00:03 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.11.05 11:13:08 | 000,628,840 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.10 23:16:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.04.10 22:43:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008.07.30 21:27:14 | 000,792,576 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2008.07.22 05:11:18 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys -- (nvamacpi)
DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.01.21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008.01.21 04:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007.06.29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006.09.18 23:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64)
DRV - [2010.07.15 19:37:06 | 000,203,864 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008.09.30 10:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.avg.com/?cid=&mid=& [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB
IE - HKCU\..\SearchScopes\{480895A8-4E1F-46BA-B874-676ECAEBF0AA}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE426
IE - HKCU\..\SearchScopes\{6C8252B8-767D-4525-9222-039C5FFDE6D0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=dbd9583e-4199-4dcf-8b1a-9ca10cad4d52&apn_sauid=7F56338C-2D7E-4469-9A40-138FC4BA9D34
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={4504E953-4B99-4BD8-83B3-9C3BE5D7DC4F}&mid=193e01731d4f47d0ad83d16b2edc337c-9a17b43a29ba30b5145348a65b47eabb4e5f0f45&lang=de&ds=tt014&pr=sa&d=2012-11-10 13:47:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyFw6p1KD&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.goggle.de/"
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: 0001.amztoolbar%40minimalarts.de:1.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B5786d022-540e-4699-b350-b4be0ae94b79%7D:3.19.0.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.04 18:32:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2013.02.03 21:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2013.02.03 21:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.16 19:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.16 19:54:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\andy\AppData\Roaming\5025 [2013.07.24 11:54:38 | 000,000,000 | ---D | M]

[2011.12.13 12:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\Extensions
[2013.07.16 16:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions
[2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79}
[2013.07.24 11:54:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Toolbar für amazon.de) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\0001.amztoolbar@minimalarts.de
[2013.07.21 21:49:30 | 000,000,000 | ---D | M] (Lyrics-Monkey) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\122
[2013.07.24 11:54:39 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\avg@toolbar
[2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@babylon.com
[2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@delta.com
[2013.07.24 11:54:39 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@incredibar.com
[2012.08.23 18:30:44 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\ciuvo-extension@icq.de.xpi
[2012.12.11 15:00:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.08 20:03:22 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.02.20 18:59:55 | 000,002,413 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\askcom.xml
[2013.07.21 21:48:10 | 000,006,513 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\babylon.xml
[2013.05.28 19:00:33 | 000,006,503 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\BrowserProtect.xml
[2013.07.16 15:47:03 | 000,000,925 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\conduit.xml
[2013.05.28 19:00:41 | 000,001,294 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\delta.xml
[2012.11.01 11:30:22 | 000,001,632 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\firefox-add-ons.xml
[2013.07.23 19:44:46 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-1.xml
[2013.03.09 15:48:59 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-10.xml
[2013.03.10 20:40:35 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-11.xml
[2013.04.09 21:16:38 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-12.xml
[2013.04.12 15:49:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-13.xml
[2013.04.23 15:52:25 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-14.xml
[2013.05.28 18:57:01 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-15.xml
[2013.05.28 19:00:25 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-16.xml
[2013.05.28 19:00:43 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-17.xml
[2013.06.26 21:40:48 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-18.xml
[2013.07.21 21:48:16 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-19.xml
[2012.12.09 23:07:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-2.xml
[2013.07.21 21:50:15 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-20.xml
[2013.07.21 21:53:05 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-21.xml
[2013.07.21 21:59:50 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-22.xml
[2013.07.23 11:54:40 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-23.xml
[2013.07.23 11:58:18 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-24.xml
[2013.07.24 12:10:28 | 000,000,656 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-25.xml
[2012.09.17 18:14:40 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-3.xml
[2012.10.29 08:57:22 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-4.xml
[2012.11.01 10:53:02 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-5.xml
[2013.01.11 15:31:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-6.xml
[2013.01.23 17:10:49 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-7.xml
[2013.02.06 17:25:37 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-8.xml
[2013.02.18 16:44:38 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-9.xml
[2012.07.19 15:49:19 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin.xml
[2013.07.21 21:48:21 | 000,001,305 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\mixidj.xml
[2012.10.23 18:18:45 | 000,003,915 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\sweetim.xml
[2013.07.16 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.16 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2013.07.16 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.16 19:54:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.10.24 00:49:22 | 001,826,192 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2013.05.21 16:29:34 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.04.05 20:59:31 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: TV = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Uhr = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\
CHR - Extension: avast! WebRep = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: SweetIM for Facebook = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19\
CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122\
CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.125\
CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0\
CHR - Extension: Sprocket Rocket = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0\
CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: TV = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Uhr = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\
CHR - Extension: avast! WebRep = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: SweetIM for Facebook = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19\
CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122\
CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.125\
CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0\
CHR - Extension: Sprocket Rocket = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0\
CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\andy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Epson Stylus Photo PX710W(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SC574.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{182A12D2-15A4-4214-A1C6-6E1119F957E7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4898D81A-7189-4D10-8282-6631EE88EF62}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3BFD8EA-C7EB-4EBF-8B27-9F763C2CD10F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.24 11:54:17 | 000,000,000 | ---D | M] - C:\AutoCAD Plant 3D 2011 Content -- [ NTFS ]
O33 - MountPoints2\{87924176-839d-11e0-8df8-00226838da8f}\Shell - "" = AutoRun
O33 - MountPoints2\{87924176-839d-11e0-8df8-00226838da8f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LANLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.24 11:01:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.23 11:24:53 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\YVwAvuyo
[2013.07.23 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\QOzRNmaj
[2013.07.23 11:24:51 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\Dirty
[2013.07.21 21:51:52 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Roaming\FSC
[2013.07.21 21:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.07.21 13:00:34 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Neuer Ordner (2)
[2013.07.20 18:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(37)
[2013.07.20 18:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.07.20 18:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update(0)
[2013.07.20 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(36)
[2013.07.20 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour(17)
[2013.07.20 13:35:19 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Roaming\WindSolutions
[2013.07.20 13:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013.07.20 12:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2013.07.20 12:26:41 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Neuer Ordner
[2013.07.20 12:07:35 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Spartacus
[2013.07.20 12:03:46 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Programme
[2013.07.20 12:03:37 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Spiele
[2013.07.20 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Filme
[2013.07.20 12:03:25 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Musik
[2013.07.17 12:56:04 | 000,000,000 | R--D | C] -- C:\Users\andy\Favorites
[2013.07.16 19:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.25 20:21:31 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.24 12:11:09 | 001,452,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.24 12:11:09 | 000,631,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.24 12:11:09 | 000,598,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.24 12:11:09 | 000,127,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.24 12:11:09 | 000,105,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.24 12:03:36 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.24 12:03:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 12:03:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 12:03:35 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.07.24 12:03:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.24 11:22:39 | 000,001,356 | ---- | M] () -- C:\Users\andy\AppData\Local\d3d9caps.dat
[2013.07.20 14:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.20 14:03:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.20 13:33:44 | 008,249,273 | R--- | M] () -- C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
[2013.07.20 13:20:59 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.20 12:44:18 | 000,000,186 | ---- | M] () -- C:\Users\andy\AppData\Roaming\wklnhst.dat
[2013.07.20 12:27:55 | 000,001,700 | ---- | M] () -- C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
[2013.07.16 16:02:04 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2013.07.10 21:32:57 | 652,037,851 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.07.01 14:54:50 | 003,041,315 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2527.JPG
[2013.07.01 14:54:32 | 002,344,541 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2525.JPG
[2013.07.01 14:40:38 | 002,756,746 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2524.JPG
[2013.07.01 14:40:22 | 002,152,937 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2523.JPG
[2013.07.01 14:33:58 | 002,344,318 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2521.JPG
[2013.07.01 14:30:26 | 001,934,462 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2519.JPG
[2013.07.01 14:30:02 | 002,105,307 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2518.JPG
[2013.07.01 14:29:58 | 002,124,730 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2517.JPG
[2013.06.26 21:40:46 | 000,003,718 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013.06.26 21:40:16 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.21 13:39:33 | 003,041,315 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2527.JPG
[2013.07.21 13:39:31 | 002,344,541 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2525.JPG
[2013.07.21 13:39:24 | 002,756,746 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2524.JPG
[2013.07.21 13:39:21 | 002,152,937 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2523.JPG
[2013.07.21 13:39:19 | 002,344,318 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2521.JPG
[2013.07.21 13:38:52 | 001,934,462 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2519.JPG
[2013.07.21 13:38:50 | 002,105,307 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2518.JPG
[2013.07.21 13:38:48 | 002,124,730 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2517.JPG
[2013.07.20 13:33:39 | 008,249,273 | R--- | C] () -- C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
[2013.07.20 13:20:59 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.20 12:27:55 | 000,001,700 | ---- | C] () -- C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
[2013.06.26 21:40:03 | 000,003,718 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012.09.25 20:40:22 | 000,000,797 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{71E7C1C8-2DC8-46A7-97BA-5ECE92DC7AED}_sta
[2012.09.25 20:40:22 | 000,000,794 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{71E7C1C8-2DC8-46A7-97BA-5ECE92DC7AED}_prof
[2012.09.25 20:38:35 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\rt2870.bin
[2012.09.25 20:38:34 | 000,014,640 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.09.25 20:38:19 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\RAEXTUI.dll
[2012.09.25 20:31:51 | 000,000,808 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{D6E232D7-E90E-47CB-AAD2-C8AA3DD43AA8}_prof
[2012.09.25 20:31:51 | 000,000,797 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{D6E232D7-E90E-47CB-AAD2-C8AA3DD43AA8}_sta
[2012.09.04 16:13:04 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.02.22 16:34:25 | 000,000,186 | ---- | C] () -- C:\Users\andy\AppData\Roaming\wklnhst.dat
[2012.01.25 01:15:30 | 000,000,904 | ---- | C] () -- C:\Users\andy\PokerStars.lnk
[2012.01.12 20:20:53 | 017,153,049 | ---- | C] () -- C:\Users\andy\Als Doorgunner in Mazar-e Sharif[1].mp4
[2012.01.12 15:33:21 | 000,077,190 | ---- | C] () -- C:\Users\andy\lustig.jpg
[2012.01.06 22:29:09 | 000,393,897 | R--- | C] () -- C:\Users\andy\reparaturauftrag.pdf
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 13:02:18 | 000,001,356 | ---- | C] () -- C:\Users\andy\AppData\Local\d3d9caps.dat
[2011.09.27 09:37:31 | 000,011,536 | ---- | C] () -- C:\Users\andy\319547_235679213147029_222573687790915_621351_891860537_n.jpg
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.28 14:25:59 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini
[2011.07.10 21:29:45 | 000,000,058 | ---- | C] () -- C:\Users\andy\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.04.09 21:49:46 | 000,104,448 | ---- | C] () -- C:\Users\andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.04 23:17:24 | 000,000,732 | ---- | C] () -- C:\Users\andy\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.10.18 16:06:10 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012.10.18 16:06:10 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4D066AD2

< End of report >













OTL Extras logfile created on: 24.07.2013 12:14:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andy\Desktop\Neuer Ordner
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,19% Memory free
16,05 Gb Paging File | 13,65 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 211,18 Gb Free Space | 46,06% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 410,10 Gb Free Space | 89,46% Space Free | Partition Type: NTFS
Drive E: | 18,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANDY-PC | User Name: andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 67 BD A5 90 0C F3 CB 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-9017-0407-1102-0060B0CE6BBA}" = AutoCAD Plant 3D 2011 Language Pack - Deutsch
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A109BCE-6CC8-7AF4-EF13-E5EC6BACFFA5}" = ATI AVIVO64 Codecs
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADE357A9-1514-A3CB-2053-EFAC5B6698C0}" = ATI Problem Report Wizard
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON PX710W Series" = EPSON PX710W Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"WNLT" = IB Updater Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1" = FINAL FANTASY VII
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{186688D8-B50B-41d9-B036-CAE52CCB86AE}_is1" = Ashampoo 3D CAD Professional 3
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = EDIMAX Edimax Wireless LAN
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37D290AF-6602-4C22-9AF8-66CB7231C729}" = minimal arts - Toolbar für amazon.de
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69F3E292-7DB2-4FC1-A270-DFDD77448EA2}" = WinFunktion Mathematik plus 19
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CA671A5-954C-4B75-8104-7B085246A8B5}" = dolp_demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7FF30785-278C-4D1C-858B-349F7373A991}" = Free-Jahreskalender 2013
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Activision(R)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D82F4E66-B3F6-4482-879E-AAC745CCFE0F}" = DraftSight
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DB90B88C-DDA6-4831-B73D-58B4B8F3D349}" = Document Express DjVu Plug-in
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED83D14F-8100-63D0-9329-77A92380EB92}" = HydraVision
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE79A8D3-6676-41FF-967C-242017CEC0F2}" = MAGIX Screenshare
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"BewerbungsGenie 7_is1" = DATA BECKER BewerbungsGenie 7
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"delta" = Delta toolbar
"Dishonored German (c) Bethesda_is1" = Dishonored German (c) Bethesda version 1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Benutzerhandbuch" = Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch
"FluidSIM 4.2n Pneumatik Demoversion" = FluidSIM 4.2n Pneumatik Demoversion
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.24.430
"Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0" = Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"iLivid" = iLivid
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Ice Age 3 Die Dinosaurier sind los(TM)
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"MAGIX_{EE79A8D3-6676-41FF-967C-242017CEC0F2}" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.7
"PokerStars.eu" = PokerStars.eu
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PS3 Media Server" = PS3 Media Server
"Rockstar Games Social Club" = Rockstar Games Social Club
"ScreenshotCaptor_is1" = Screenshot Captor 2.88.01
"StarCraft II" = StarCraft II
"Streamripper" = Streamripper (Remove only)
"Sweet Home 3D_is1" = Sweet Home 3D version 4.0
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 0.9.9
"WhiteCap" = WhiteCap
"WinLiveSuite" = Windows Live Essentials
"WinX Free MP4 to WMV Converter_is1" = WinX Free MP4 to WMV Converter 4.1.3
"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FoxTab Media Player" = FoxTab Media Player
"PassportPhoto" = PassportPhoto (remove)
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.09.2012 11:08:01 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description =

Error - 11.09.2012 11:13:17 | Computer Name = andy-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60,
Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024,
Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360,
Prozess-ID
0xa58, Anwendungsstartzeit 01cd902daafa0a07.

Error - 12.09.2012 10:05:30 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103
Description =

Error - 12.09.2012 10:06:38 | Computer Name = andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.09.2012 10:09:02 | Computer Name = andy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 12.09.2012 10:09:28 | Computer Name = andy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 12.09.2012 10:29:22 | Computer Name = andy-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60,
Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024,
Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360,
Prozess-ID
0xa44, Anwendungsstartzeit 01cd90ef9b10d517.

Error - 12.09.2012 10:48:25 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103
Description =

Error - 12.09.2012 10:49:30 | Computer Name = andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.09.2012 10:50:00 | Computer Name = andy-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60,
Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024,
Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360,
Prozess-ID
0xa70, Anwendungsstartzeit 01cd90f599be9497.

[ System Events ]
Error - 24.07.2013 06:04:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016
Description =

Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 24.07.2013 06:06:52 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.07.2013 06:14:35 | Computer Name = andy-PC | Source = DCOM | ID = 10016
Description =

Error - 24.07.2013 06:14:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016
Description =

Error - 24.07.2013 06:24:35 | Computer Name = andy-PC | Source = DCOM | ID = 10016
Description =

Error - 24.07.2013 06:24:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016
Description =


< End of report >

Alt 24.07.2013, 11:39   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! - Standard

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 24.07.2013, 11:45   #3
Andy1987x
 
Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! - Standard

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!



ok
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by andy (administrator) on 24-07-2013 12:42:21
Running from C:\Users\andy\Desktop\Neuer Ordner
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Tanuki Software, Ltd.) C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Windows\system32\locator.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Windows\SysWOW64\java.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
(Akamai Technologies, Inc.) C:\Users\andy\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Edimax Technology Co.) C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\andy\AppData\Local\Akamai\netsession_win.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] - Skytel.exe [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [HydraVisionMDEngine] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe [569344 2010-11-18] (AMD)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\andy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Epson Stylus Photo PX710W(Netzwerk)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SC574.tmp" /EF "HKCU" [x]
HKCU\...\Run: [phonostar-PlayerTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2012-10-13] ()
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-18] (AMD)
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n. ATTENTION! ====> ZeroAccess?
MountPoints2: L - L:\LANLauncher.exe
MountPoints2: {87924176-839d-11e0-8df8-00226838da8f} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\EDIMAX\Common\RaUI.exe (Edimax Technology Co.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Search
iGoogle Redirect
Acer | explore beyond limits
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB
SearchScopes: HKCU - {480895A8-4E1F-46BA-B874-676ECAEBF0AA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6C8252B8-767D-4525-9222-039C5FFDE6D0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=dbd9583e-4199-4dcf-8b1a-9ca10cad4d52&apn_sauid=7F56338C-2D7E-4469-9A40-138FC4BA9D34
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={4504E953-4B99-4BD8-83B3-9C3BE5D7DC4F}&mid=193e01731d4f47d0ad83d16b2edc337c-9a17b43a29ba30b5145348a65b47eabb4e5f0f45&lang=de&ds=tt014&pr=sa&d=2012-11-10 13:47:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyFw6p1KD&i=26
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: MimalaAmazonToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Mimala Amazon Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default
FF user.js: detected! => C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=NT_ss&mntrId=4406000E2EB7C6AB
FF Homepage: hxxp://www.goggle.de/
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-25.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\mixidj.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF Extension: Toolbar für amazon.de - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\0001.amztoolbar@minimalarts.de
FF Extension: Lyrics-Monkey - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\122
FF Extension: AVG Security Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\avg@toolbar
FF Extension: Babylon - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@delta.com
FF Extension: incredibar.com - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@incredibar.com
FF Extension: Ashampoo DE Community Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{5786d022-540e-4699-b350-b4be0ae94b79}
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: ciuvo-extension - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\andy\AppData\Roaming\5025
FF Extension: Java String Helper - C:\Users\andy\AppData\Roaming\5025

Chrome: 
=======
CHR HomePage: 		"homepage":	"",
CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=4406000E2EB7C6AB"
CHR Plugin: (				"name":	"Remoting Viewer",) - 				"path":	"internal-remoting-viewer",
CHR Plugin: (				"name":	"Native Client",) - 				"path":	"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll", No File
CHR Plugin: (				"name":	"Chrome PDF Viewer",) - 				"path":	"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll", No File
CHR Plugin: (				"name":	"Shockwave Flash",) - 				"path":	"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll", No File
CHR Plugin: (				"name":	"Shockwave Flash",) - 				"path":	"C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll", No File
CHR Plugin: (				"name":	"Adobe Acrobat",) - 				"path":	"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll", No File
CHR Plugin: (				"name":	"Java Deployment Toolkit 6.0.260.3",) - 				"path":	"C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll", No File
CHR Plugin: (				"name":	"Java(TM) Platform SE 6 U26",) - 				"path":	"C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll", No File
CHR Plugin: (				"name":	"Microsoft® Windows Media Player Firefox Plugin",) - 				"path":	"C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll", No File
CHR Plugin: (				"name":	"DjVu Plugin Viewer",) - 				"path":	"C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll", No File
CHR Plugin: (				"name":	"2007 Microsoft Office system",) - 				"path":	"C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll", No File
CHR Plugin: (				"name":	"fluxDVD Browser Plugin",) - 				"path":	"C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll", No File
CHR Plugin: (				"name":	"Google Update",) - 				"path":	"C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll", No File
CHR Plugin: (				"name":	"Windows Live® Photo Gallery",) - 				"path":	"C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll", No File
CHR Plugin: (				"name":	"iTunes Application Detector",) - 				"path":	"C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll", No File
CHR Plugin: (				"name":	"Protect Disc License Acquisition Plugin",) - 				"path":	"C:\Users\andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll", No File
CHR Plugin: (				"name":	"Windows Presentation Foundation",) - 				"path":	"c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll", No File
CHR Plugin: (				"name":	"Default Plug-in",) - 				"path":	"default_plugin", No File
CHR Extension: (TV) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0
CHR Extension: (YouTube) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Digital Clock) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0
CHR Extension: (avast! WebRep) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (SweetIM for Facebook) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0
CHR Extension: () - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19
CHR Extension: (Lyrics-Monkey) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122
CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0
CHR Extension: (Sprocket Rocket) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0
CHR Extension: (AVG Secure Search) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0
CHR Extension: (Gmail) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG)
S3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes)
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-10-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3889424 2011-08-01] (INCA Internet Co., Ltd.)
R2 PS3 Media Server; C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-17] (Tanuki Software, Ltd.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe [69632 2008-05-12] (Ralink Technology, Corp.)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)
S4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-08-23] ()
S2 IBUpdaterService; %SystemRoot%\system32\dmwu.exe [x]
S2 WebOptimizer; %SystemRoot%\system32\dmwu.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-05] (DT Soft Ltd)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2008-07-22] (NVIDIA Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [55640 2006-09-18] (Realtek Semiconductor Corporation                           )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows (R) Win 7 DDK provider)
R2 VBoxDrv; C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys [203864 2010-07-15] (Oracle Corporation)
S3 dump_wmimmc; \??\C:\AeriaGames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S1 ntiomin; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-24 12:41 - 2013-07-24 12:41 - 00000955 _____ C:\Users\andy\Desktop\Continue Zip Opener Installation.lnk
2013-07-24 11:01 - 2013-07-24 11:01 - 00000000 ____D C:\FRST
2013-07-23 11:24 - 2013-07-23 11:25 - 00000000 ____D C:\Users\andy\AppData\Local\Dirty
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\YVwAvuyo
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\QOzRNmaj
2013-07-21 21:51 - 2013-07-21 21:51 - 00000000 ____D C:\Users\andy\AppData\Roaming\FSC
2013-07-21 21:48 - 2013-07-23 12:09 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-21 13:00 - 2013-07-21 15:44 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner (2)
2013-07-20 18:24 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files\iPod(37)
2013-07-20 18:24 - 2013-07-20 18:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-20 18:23 - 2013-07-20 18:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update(0)
2013-07-20 18:21 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files\Bonjour(36)
2013-07-20 18:21 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files (x86)\Bonjour(17)
2013-07-20 13:35 - 2013-07-20 13:35 - 00000000 ____D C:\Users\andy\AppData\Roaming\WindSolutions
2013-07-20 13:34 - 2013-07-20 18:03 - 00000000 ____D C:\ProgramData\WindSolutions
2013-07-20 13:33 - 2013-07-20 13:33 - 08249273 ____R C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
2013-07-20 13:20 - 2013-07-20 13:20 - 00000952 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 12:27 - 2013-07-20 12:27 - 00001700 _____ C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
2013-07-20 12:26 - 2013-07-24 12:42 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner
2013-07-20 12:07 - 2013-07-20 19:10 - 00000000 ____D C:\Users\andy\Desktop\Spartacus
2013-07-20 12:03 - 2013-07-23 12:11 - 00000000 ____D C:\Users\andy\Desktop\Filme
2013-07-20 12:03 - 2013-07-20 12:41 - 00000000 ____D C:\Users\andy\Desktop\Musik
2013-07-20 12:03 - 2013-07-20 12:40 - 00000000 ____D C:\Users\andy\Desktop\Programme
2013-07-20 12:03 - 2013-07-20 12:10 - 00000000 ____D C:\Users\andy\Desktop\Spiele
2013-07-16 19:54 - 2013-07-16 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-10 21:33 - 2013-07-10 21:33 - 00262144 _____ C:\Windows\Minidump\Mini071013-01.dmp
2013-06-26 21:40 - 2013-06-26 21:40 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-25 20:21 - 2013-06-25 20:21 - 00000000 ____D C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338}

==================== One Month Modified Files and Folders =======

2013-07-24 12:42 - 2013-07-20 12:26 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner
2013-07-24 12:41 - 2013-07-24 12:41 - 00000955 _____ C:\Users\andy\Desktop\Continue Zip Opener Installation.lnk
2013-07-24 12:21 - 2012-07-01 20:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 12:11 - 2008-01-21 13:10 - 01452956 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 12:11 - 2008-01-21 13:09 - 00631120 _____ C:\Windows\system32\perfh007.dat
2013-07-24 12:11 - 2008-01-21 13:09 - 00127462 _____ C:\Windows\system32\perfc007.dat
2013-07-24 12:06 - 2012-07-02 16:34 - 00101414 _____ C:\Users\andy\Sti_Trace.log
2013-07-24 12:03 - 2013-07-20 18:24 - 00000000 ____D C:\Program Files\iPod(37)
2013-07-24 12:03 - 2013-07-20 18:21 - 00000000 ____D C:\Program Files\Bonjour(36)
2013-07-24 12:03 - 2013-07-20 18:21 - 00000000 ____D C:\Program Files (x86)\Bonjour(17)
2013-07-24 12:03 - 2013-06-03 18:47 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-24 12:03 - 2012-02-19 19:13 - 00000000 ____D C:\Users\andy\Desktop\PS3 Media Server
2013-07-24 12:03 - 2012-01-08 18:30 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 12:03 - 2011-04-04 23:17 - 00000000 ____D C:\Users\andy
2013-07-24 12:03 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 12:03 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 12:03 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 12:03 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-07-24 12:02 - 2006-11-02 14:33 - 90439680 _____ C:\Windows\system32\config\software_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 45088768 _____ C:\Windows\system32\config\components_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 31457280 _____ C:\Windows\system32\config\system_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00057344 _____ C:\Windows\system32\config\sam_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00020480 _____ C:\Windows\system32\config\security_previous
2013-07-24 11:54 - 2013-05-28 18:56 - 00000000 ____D C:\Users\andy\AppData\Roaming\Delta
2013-07-24 11:54 - 2013-03-11 20:47 - 00000000 ____D C:\Users\andy\AppData\Roaming\Kalenderchen
2013-07-24 11:54 - 2013-02-19 20:45 - 00000000 ____D C:\Users\andy\AppData\Local\iLivid
2013-07-24 11:54 - 2013-02-01 18:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-24 11:54 - 2013-02-01 18:03 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-24 11:54 - 2013-01-23 19:27 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSTATIK
2013-07-24 11:54 - 2012-12-30 18:49 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2013-07-24 11:54 - 2012-12-30 18:20 - 00000000 ____D C:\Users\andy\Documents\StarCraft II
2013-07-24 11:54 - 2012-07-21 13:08 - 00000000 ____D C:\Users\andy\AppData\Local\MicrosoftStore
2013-07-24 11:54 - 2012-07-01 20:44 - 00000000 ____D C:\Users\andy\AppData\Roaming\mp3DirectCut
2013-07-24 11:54 - 2012-05-14 22:03 - 00000000 ____D C:\Users\andy\AppData\Roaming\ICQ Search
2013-07-24 11:54 - 2012-02-17 19:08 - 00000000 ____D C:\Users\andy\AppData\Roaming\DVDVideoSoft
2013-07-24 11:54 - 2012-01-30 00:15 - 00000000 ____D C:\Users\andy\AppData\Local\Akamai
2013-07-24 11:54 - 2012-01-08 18:31 - 00000000 ____D C:\Users\andy\AppData\Roaming\PhotoScape
2013-07-24 11:54 - 2011-11-10 23:02 - 00000000 ____D C:\Users\andy\AppData\Local\PokerStars.EU
2013-07-24 11:54 - 2011-10-30 18:53 - 00000000 ____D C:\Users\andy\AppData\Roaming\gtk-2.0
2013-07-24 11:54 - 2011-10-30 18:39 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouWave_Android
2013-07-24 11:54 - 2011-09-08 22:20 - 00000000 ____D C:\Users\andy\AppData\Roaming\5025
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files\iTunes
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files\iPod
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-24 11:54 - 2011-06-14 17:48 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\ProgramData\Apple
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\Program Files\Bonjour
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-24 11:54 - 2011-06-14 15:03 - 00000000 ____D C:\AutoCAD Plant 3D 2011 Content
2013-07-24 11:54 - 2011-06-13 10:46 - 00000000 ____D C:\AiO-Files
2013-07-24 11:54 - 2011-05-26 22:38 - 00000000 ____D C:\Users\andy\AppData\Local\Microsoft Help
2013-07-24 11:54 - 2011-05-23 17:31 - 00000000 ____D C:\Users\andy\AppData\Local\PokerStars.NET
2013-07-24 11:54 - 2011-04-23 23:26 - 00000000 ____D C:\Users\andy\AppData\Roaming\ProtectDISC
2013-07-24 11:54 - 2011-04-21 07:24 - 00000000 ____D C:\Users\andy\AppData\Roaming\dvdcss
2013-07-24 11:54 - 2011-04-20 20:38 - 00000000 ____D C:\Users\andy\AppData\Roaming\vlc
2013-07-24 11:54 - 2011-04-08 15:22 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-24 11:54 - 2011-04-05 20:59 - 00000000 ____D C:\Users\andy\AppData\Roaming\Gutscheinmieze
2013-07-24 11:54 - 2011-04-05 19:25 - 00000000 ____D C:\Users\andy\Documents\UseNeXT
2013-07-24 11:54 - 2011-04-04 23:21 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-24 11:54 - 2011-04-04 23:17 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-24 11:54 - 2011-04-04 23:17 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-24 11:54 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2013-07-24 11:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2013-07-24 11:41 - 2011-04-04 23:08 - 01509939 _____ C:\Windows\WindowsUpdate.log
2013-07-24 11:22 - 2011-09-28 13:02 - 00001356 _____ C:\Users\andy\AppData\Local\d3d9caps.dat
2013-07-24 11:10 - 2008-01-21 05:26 - 07011402 _____ C:\Windows\PFRO.log
2013-07-24 11:01 - 2013-07-24 11:01 - 00000000 ____D C:\FRST
2013-07-23 12:11 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Filme
2013-07-23 12:09 - 2013-07-21 21:48 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-23 11:57 - 2013-02-16 14:03 - 00000000 ____D C:\Users\andy\AppData\Roaming\UseNeXT
2013-07-23 11:37 - 2009-01-23 12:39 - 00000000 ____D C:\Program Files (x86)\Acer Arcade Live
2013-07-23 11:25 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\Dirty
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\YVwAvuyo
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\QOzRNmaj
2013-07-23 11:24 - 2012-07-30 08:49 - 00000000 ____D C:\Users\andy\AppData\Local\{34E010AB-4EBA-4C22-80AA-8510855D73D4}
2013-07-21 21:51 - 2013-07-21 21:51 - 00000000 ____D C:\Users\andy\AppData\Roaming\FSC
2013-07-21 21:49 - 2006-11-02 15:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-21 21:49 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-21 15:44 - 2013-07-21 13:00 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner (2)
2013-07-20 19:10 - 2013-07-20 12:07 - 00000000 ____D C:\Users\andy\Desktop\Spartacus
2013-07-20 19:10 - 2011-08-18 21:22 - 00025473 _____ C:\Windows\setupact.log
2013-07-20 18:24 - 2013-07-20 18:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-20 18:23 - 2013-07-20 18:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update(0)
2013-07-20 18:03 - 2013-07-20 13:34 - 00000000 ____D C:\ProgramData\WindSolutions
2013-07-20 14:03 - 2012-01-08 18:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 13:35 - 2013-07-20 13:35 - 00000000 ____D C:\Users\andy\AppData\Roaming\WindSolutions
2013-07-20 13:33 - 2013-07-20 13:33 - 08249273 ____R C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
2013-07-20 13:21 - 2012-10-18 16:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 13:20 - 2013-07-20 13:20 - 00000952 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 13:07 - 2012-07-19 15:16 - 00000000 ____D C:\Users\andy\Desktop\Fotos
2013-07-20 12:44 - 2012-02-22 16:34 - 00000186 _____ C:\Users\andy\AppData\Roaming\wklnhst.dat
2013-07-20 12:41 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Musik
2013-07-20 12:40 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Programme
2013-07-20 12:27 - 2013-07-20 12:27 - 00001700 _____ C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
2013-07-20 12:27 - 2013-02-16 14:03 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-07-20 12:17 - 2006-11-02 17:42 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-20 12:10 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Spiele
2013-07-17 12:55 - 2012-04-26 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 21:55 - 2013-07-16 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-16 21:53 - 2012-11-17 23:59 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2013-07-16 16:02 - 2012-08-06 16:02 - 00000250 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2013-07-16 15:58 - 2012-01-08 18:30 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 15:58 - 2012-01-08 18:30 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 21:33 - 2013-07-10 21:33 - 00262144 _____ C:\Windows\Minidump\Mini071013-01.dmp
2013-07-10 21:33 - 2013-02-20 19:47 - 00000000 ____D C:\Windows\Minidump
2013-07-10 21:32 - 2013-02-20 19:47 - 652037851 _____ C:\Windows\MEMORY.DMP
2013-06-26 21:40 - 2013-06-26 21:40 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-26 21:40 - 2012-11-20 19:39 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-06-26 21:40 - 2012-11-19 18:14 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-26 21:40 - 2012-11-10 14:47 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-25 20:26 - 2013-06-18 21:15 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2013-06-25 20:21 - 2013-06-25 20:21 - 00000000 ____D C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338}

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\U
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106

ZeroAccess:
C:\Users\andy\AppData\Local\649deb8e
C:\Users\andy\AppData\Local\649deb8e\@
C:\Users\andy\AppData\Local\649deb8e\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-24 12:25

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2013
Ran by andy at 2013-07-24 12:44:59
Running from C:\Users\andy\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acer eDataSecurity Management (x32 Version: 3.0.3065)
Acer Empowering Technology (x32 Version: 3.0.3011)
Acer Product Registration (x32 Version: 3.0.0.10)
Acer ScreenSaver (x32 Version: 4.01.0718)
Activision(R) (x32 Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Ashampoo 3D CAD Professional 3 (x32 Version: 3.0.2)
ATI AVIVO64 Codecs (Version: 11.6.0.51118)
ATI Catalyst Registration (x32 Version: 3.00.0000)
ATI Problem Report Wizard (Version: 3.0.800.0)
AutoCAD Plant 3D 2011 Language Pack - Deutsch (Version: 2.0.37.00)
AVG Security Toolbar (x32 Version: 15.3.0.11)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Bing Bar (x32 Version: 6.3.2348.0)
Bing Bar Platform (x32 Version: 6.3.2348.0)
Bonjour (Version: 2.0.5.0)
C:\Program Files (x86)\Acer GameZone\GameConsole (x32 Version: 2.0.1.4)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0214.2218.39913)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.0214.2217.39913)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.0214.2217.39913)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.0214.2217.39913)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.0214.2217.39913)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.0214.2217.39913)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.0214.2217.39913)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.0214.2217.39913)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.0214.2217.39913)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.0214.2217.39913)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.0214.2217.39913)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.0214.2217.39913)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.0214.2217.39913)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.0214.2218.39913)
ccc-utility64 (Version: 2012.1219.1521.27485)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
DAEMON Tools Toolbar (x32 Version: 1.1.4.0024)
DATA BECKER BewerbungsGenie 7 (x32 Version: 6.0.10.49)
Delta toolbar   (x32 Version: 1.8.21.5)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dishonored German (c) Bethesda version 1 (x32 Version: 1)
Document Express DjVu Plug-in (x32 Version: 6.1.27549)
Dolby Control Center (Version: 1.1.0601)
dolp_demo (x32 Version: 1.0.0.0)
DraftSight (x32 Version: 8.4.274)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
EDIMAX Edimax Wireless LAN (x32 Version: 1.0.3.0)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Event Manager (x32 Version: 2.30.00)
Epson Print CD (x32 Version: 2.00.00)
Epson Printer Software Downloader (x32 Version: 2.0.0)
Epson Printer Software Downloader (x32)
EPSON Scan (x32)
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch (x32)
EpsonNet Print (x32 Version: 2.4i)
EpsonNet Setup (x32 Version: 3.1a)
eSobi v2 (x32 Version: 2.0.3.000201)
FINAL FANTASY VII (x32 Version: 1.0)
FluidSIM 4.2n Pneumatik Demoversion (x32)
FoxTab Media Player (HKCU)
Free MP4 Video Converter version 5.0.24.430 (x32 Version: 5.0.24.430)
Free-Jahreskalender 2013 (x32 Version: 9.00.2013)
Geeks3D.com FurMark 1.9.0 (x32)
Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0 (x32 Version: 1.0)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Update Helper (x32 Version: 1.3.21.153)
HydraVision (x32 Version: 4.2.184.0)
IB Updater Service (Version: 3.0.5.4)
Ice Age 3 Die Dinosaurier sind los(TM) (x32 Version: 1.00.0000)
iLivid (x32 Version: 4.0.0.2466)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004)
iTunes (Version: 10.3.1.55)
Java Auto Updater (x32 Version: 2.1.5.3)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
Java(TM) 7 Update 2 (x32 Version: 7.0.20)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kalenderchen 5 (x32)
LEGO® Star Wars™: Die Komplette Saga (x32 Version: 1.00.0000)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access database engine 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 08.05.0822)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
minimal arts - Toolbar für amazon.de (x32 Version: 1.0.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NTI Backup Now 5 (x32 Version: 5.1.2.616)
NTI Backup Now Standard (x32 Version: 5.1.2.616)
NTI Media Maker 8 (x32 Version: 8.0.2.6509)
NVIDIA Drivers
NVIDIA PhysX (x32 Version: 9.09.1112)
ON PX710W Series Printer Uninstall
PassportPhoto (remove) (HKCU)
phonostar-Player Version 3.02.7 (x32)
PokerStars.eu (x32)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
PS3 Media Server (x32 Version: 1.52.1)
QuickTime (x32 Version: 7.73.80.64)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5704)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0175)
Rockstar Games Social Club (x32 Version: 1.0.9.5)
Screenshot Captor 2.88.01 (x32)
Segoe UI (x32 Version: 15.4.2271.0615)
StarCraft II (x32 Version: 2.0.8.25604)
Streamripper (Remove only) (x32)
Sweet Home 3D version 4.0 (x32)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007)
SweetPacks bundle uninstaller (x32 Version: 1.0.0000)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000)
The War Z version 1.0 (x32 Version: 1.0)
Trojan Killer (x32 Version: 2.1.5.4)
Uniblue RegistryBooster 2010 (x32)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
UseNeXT by Tangysoft (x32)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 0.9.9 (x32 Version: 0.9.9)
Web Assistant 2.0.0.478 (Version: 2.0.0.478)
WhiteCap (x32 Version: 5.7.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8050.1202)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinFunktion Mathematik plus 19 (x32 Version: 1.00.0000)
WinRAR 4.00 (64-Bit) (Version: 4.00.0)
WinX Free MP4 to WMV Converter 4.1.3 (x32)
World of Tanks v.0.7.1 (x32)
XP Codec Pack (x32)

==================== Restore Points  =========================

21-06-2013 12:10:17 Geplanter Prüfpunkt
20-07-2013 12:34:51 Geplanter Prüfpunkt
20-07-2013 16:06:49 Removed Apple Application Support
20-07-2013 16:07:37 Removed Apple Software Update
20-07-2013 16:08:02 Removed Bonjour
20-07-2013 16:09:05 Removed iTunes
20-07-2013 16:12:02 Removed QuickTime
20-07-2013 16:22:08 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
20-07-2013 16:22:42 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
20-07-2013 16:23:22 Installed iTunes
21-07-2013 12:06:56 Geplanter Prüfpunkt
21-07-2013 19:49:57 Installed Free MKV to MP4 Converter
24-07-2013 09:46:12 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0FAB4149-C18F-4330-8DB0-14FA898BB2FD} - System32\Tasks\EPUpdater => C:\Users\andy\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-05-09] ()
Task: {1407D4DE-8E14-45FC-9B72-87E1ADB83CB7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1ADF0A84-9505-405C-AF6E-85C18D440FFF} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23] (SEIKO EPSON CORPORATION)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {37819B81-B5B6-4DA8-8C61-22CFE4F665A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe No File
Task: {4E7BD2E8-BBC9-4AB5-AEE2-DE6057348886} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {5AD377E2-BAC0-4C22-B9A1-CD0808331AC6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-09-30] (Sun Microsystems, Inc.)
Task: {6C5F1E5E-DA7F-4D02-908D-132AE0B63619} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B743BA1-1E7F-4EC2-95C4-9BBEE1892D96} - System32\Tasks\DSite => C:\Users\andy\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {922531D1-EC78-477B-8E1E-3D87ECAEDF43} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {A10CCCD9-C249-43D9-ADFE-40C3791823B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B937F521-5611-4ECF-AC58-C1FAFCDE78B0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {BCB5E6E2-48A5-42EE-92BD-668EBB00F6CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08] (Google Inc.)
Task: {D0EDC67A-3F36-4AFB-B73E-6936137AFC1B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DF71AB72-180F-4664-9D6C-2B78E1413FA1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{1BEE157C-8355-4D7B-B940-5B5F742ACEEE}.exe No File
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F40A7189-5D64-48E2-9696-4E5ED133B997} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{1BEE157C-8355-4D7B-B940-5B5F742ACEEE}.exe
Task: C:\Windows\Tasks\DSite.job => ?
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2013 00:08:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 00:08:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 00:05:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 11:46:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Zugriff verweigert

Error: (07/24/2013 11:43:02 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 11:43:02 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 11:41:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 11:22:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 11:13:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 11:13:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.


System errors:
=============
Error: (07/24/2013 00:44:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:44:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:34:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:34:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:24:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:24:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:14:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:14:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:06:52 PM) (Source: Service Control Manager) (User: )
Description: PnP-X-IP-BusauflistungFunktionssuchanbieter-Host%%1058

Error: (07/24/2013 00:05:08 PM) (Source: Service Control Manager) (User: )
Description: ntiomin


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-23 13:25:30.280
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:30.186
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:30.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.983
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.890
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.796
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.531
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.328
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 8190.32 MB
Available physical RAM: 5745.76 MB
Total Pagefile: 16577.63 MB
Available Pagefile: 13766.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:458.46 GB) (Free:211.15 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:458.41 GB) (Free:410.1 GB) NTFS (Disk=0 Partition=3)
Drive e: (My Disc) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 676C2876)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 24.07.2013, 11:56   #4
Andy1987x
 
Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! - Standard

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!



FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by andy (administrator) on 24-07-2013 12:44:27
Running from C:\Users\andy\Desktop\Neuer Ordner
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Tanuki Software, Ltd.) C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Windows\system32\locator.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Windows\SysWOW64\java.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
(Akamai Technologies, Inc.) C:\Users\andy\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Edimax Technology Co.) C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\andy\AppData\Local\Akamai\netsession_win.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] - Skytel.exe [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [HydraVisionMDEngine] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe [569344 2010-11-18] (AMD)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\andy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Epson Stylus Photo PX710W(Netzwerk)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SC574.tmp" /EF "HKCU" [x]
HKCU\...\Run: [phonostar-PlayerTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2012-10-13] ()
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-18] (AMD)
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n. ATTENTION! ====> ZeroAccess?
MountPoints2: L - L:\LANLauncher.exe
MountPoints2: {87924176-839d-11e0-8df8-00226838da8f} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\EDIMAX\Common\RaUI.exe (Edimax Technology Co.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.avg.com/?cid=&mid=&lang=&ds=&pr=&d=&v=&sap=hp
hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB
SearchScopes: HKCU - {480895A8-4E1F-46BA-B874-676ECAEBF0AA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6C8252B8-767D-4525-9222-039C5FFDE6D0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=dbd9583e-4199-4dcf-8b1a-9ca10cad4d52&apn_sauid=7F56338C-2D7E-4469-9A40-138FC4BA9D34
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={4504E953-4B99-4BD8-83B3-9C3BE5D7DC4F}&mid=193e01731d4f47d0ad83d16b2edc337c-9a17b43a29ba30b5145348a65b47eabb4e5f0f45&lang=de&ds=tt014&pr=sa&d=2012-11-10 13:47:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyFw6p1KD&i=26
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: MimalaAmazonToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Mimala Amazon Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default
FF user.js: detected! => C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=NT_ss&mntrId=4406000E2EB7C6AB
FF Homepage: hxxp://www.goggle.de/
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-25.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\mixidj.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF Extension: Toolbar für amazon.de - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\0001.amztoolbar@minimalarts.de
FF Extension: Lyrics-Monkey - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\122
FF Extension: AVG Security Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\avg@toolbar
FF Extension: Babylon - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@delta.com
FF Extension: incredibar.com - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@incredibar.com
FF Extension: Ashampoo DE Community Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{5786d022-540e-4699-b350-b4be0ae94b79}
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: ciuvo-extension - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\andy\AppData\Roaming\5025
FF Extension: Java String Helper - C:\Users\andy\AppData\Roaming\5025

Chrome: 
=======
CHR HomePage: 		"homepage":	"",
CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=4406000E2EB7C6AB"
CHR Plugin: (				"name":	"Remoting Viewer",) - 				"path":	"internal-remoting-viewer",
CHR Plugin: (				"name":	"Native Client",) - 				"path":	"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll", No File
CHR Plugin: (				"name":	"Chrome PDF Viewer",) - 				"path":	"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll", No File
CHR Plugin: (				"name":	"Shockwave Flash",) - 				"path":	"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll", No File
CHR Plugin: (				"name":	"Shockwave Flash",) - 				"path":	"C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll", No File
CHR Plugin: (				"name":	"Adobe Acrobat",) - 				"path":	"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll", No File
CHR Plugin: (				"name":	"Java Deployment Toolkit 6.0.260.3",) - 				"path":	"C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll", No File
CHR Plugin: (				"name":	"Java(TM) Platform SE 6 U26",) - 				"path":	"C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll", No File
CHR Plugin: (				"name":	"Microsoft® Windows Media Player Firefox Plugin",) - 				"path":	"C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll", No File
CHR Plugin: (				"name":	"DjVu Plugin Viewer",) - 				"path":	"C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll", No File
CHR Plugin: (				"name":	"2007 Microsoft Office system",) - 				"path":	"C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll", No File
CHR Plugin: (				"name":	"QuickTime Plug-in 7.6.9",) - 				"path":	"C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll", No File
CHR Plugin: (				"name":	"fluxDVD Browser Plugin",) - 				"path":	"C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll", No File
CHR Plugin: (				"name":	"Google Update",) - 				"path":	"C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll", No File
CHR Plugin: (				"name":	"Windows Live® Photo Gallery",) - 				"path":	"C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll", No File
CHR Plugin: (				"name":	"iTunes Application Detector",) - 				"path":	"C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll", No File
CHR Plugin: (				"name":	"Protect Disc License Acquisition Plugin",) - 				"path":	"C:\Users\andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll", No File
CHR Plugin: (				"name":	"Windows Presentation Foundation",) - 				"path":	"c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll", No File
CHR Plugin: (				"name":	"Default Plug-in",) - 				"path":	"default_plugin", No File
CHR Extension: (TV) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0
CHR Extension: (YouTube) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Digital Clock) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0
CHR Extension: (avast! WebRep) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (SweetIM for Facebook) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0
CHR Extension: () - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19
CHR Extension: (Lyrics-Monkey) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122
CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0
CHR Extension: (Sprocket Rocket) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0
CHR Extension: (AVG Secure Search) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0
CHR Extension: (Gmail) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG)
S3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes)
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-10-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3889424 2011-08-01] (INCA Internet Co., Ltd.)
R2 PS3 Media Server; C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-17] (Tanuki Software, Ltd.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe [69632 2008-05-12] (Ralink Technology, Corp.)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)
S4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-08-23] ()
S2 IBUpdaterService; %SystemRoot%\system32\dmwu.exe [x]
S2 WebOptimizer; %SystemRoot%\system32\dmwu.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-05] (DT Soft Ltd)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2008-07-22] (NVIDIA Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [55640 2006-09-18] (Realtek Semiconductor Corporation                           )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows (R) Win 7 DDK provider)
R2 VBoxDrv; C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys [203864 2010-07-15] (Oracle Corporation)
S3 dump_wmimmc; \??\C:\AeriaGames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S1 ntiomin; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-24 12:41 - 2013-07-24 12:41 - 00000955 _____ C:\Users\andy\Desktop\Continue Zip Opener Installation.lnk
2013-07-24 11:01 - 2013-07-24 11:01 - 00000000 ____D C:\FRST
2013-07-23 11:24 - 2013-07-23 11:25 - 00000000 ____D C:\Users\andy\AppData\Local\Dirty
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\YVwAvuyo
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\QOzRNmaj
2013-07-21 21:51 - 2013-07-21 21:51 - 00000000 ____D C:\Users\andy\AppData\Roaming\FSC
2013-07-21 21:48 - 2013-07-23 12:09 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-21 13:00 - 2013-07-21 15:44 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner (2)
2013-07-20 18:24 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files\iPod(37)
2013-07-20 18:24 - 2013-07-20 18:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-20 18:23 - 2013-07-20 18:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update(0)
2013-07-20 18:21 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files\Bonjour(36)
2013-07-20 18:21 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files (x86)\Bonjour(17)
2013-07-20 13:35 - 2013-07-20 13:35 - 00000000 ____D C:\Users\andy\AppData\Roaming\WindSolutions
2013-07-20 13:34 - 2013-07-20 18:03 - 00000000 ____D C:\ProgramData\WindSolutions
2013-07-20 13:33 - 2013-07-20 13:33 - 08249273 ____R C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
2013-07-20 13:20 - 2013-07-20 13:20 - 00000952 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 12:27 - 2013-07-20 12:27 - 00001700 _____ C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
2013-07-20 12:26 - 2013-07-24 12:44 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner
2013-07-20 12:07 - 2013-07-20 19:10 - 00000000 ____D C:\Users\andy\Desktop\Spartacus
2013-07-20 12:03 - 2013-07-23 12:11 - 00000000 ____D C:\Users\andy\Desktop\Filme
2013-07-20 12:03 - 2013-07-20 12:41 - 00000000 ____D C:\Users\andy\Desktop\Musik
2013-07-20 12:03 - 2013-07-20 12:40 - 00000000 ____D C:\Users\andy\Desktop\Programme
2013-07-20 12:03 - 2013-07-20 12:10 - 00000000 ____D C:\Users\andy\Desktop\Spiele
2013-07-16 19:54 - 2013-07-16 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-10 21:33 - 2013-07-10 21:33 - 00262144 _____ C:\Windows\Minidump\Mini071013-01.dmp
2013-06-26 21:40 - 2013-06-26 21:40 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-25 20:21 - 2013-06-25 20:21 - 00000000 ____D C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338}

==================== One Month Modified Files and Folders =======

2013-07-24 12:44 - 2013-07-20 12:26 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner
2013-07-24 12:41 - 2013-07-24 12:41 - 00000955 _____ C:\Users\andy\Desktop\Continue Zip Opener Installation.lnk
2013-07-24 12:21 - 2012-07-01 20:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 12:11 - 2008-01-21 13:10 - 01452956 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 12:11 - 2008-01-21 13:09 - 00631120 _____ C:\Windows\system32\perfh007.dat
2013-07-24 12:11 - 2008-01-21 13:09 - 00127462 _____ C:\Windows\system32\perfc007.dat
2013-07-24 12:06 - 2012-07-02 16:34 - 00101414 _____ C:\Users\andy\Sti_Trace.log
2013-07-24 12:03 - 2013-07-20 18:24 - 00000000 ____D C:\Program Files\iPod(37)
2013-07-24 12:03 - 2013-07-20 18:21 - 00000000 ____D C:\Program Files\Bonjour(36)
2013-07-24 12:03 - 2013-07-20 18:21 - 00000000 ____D C:\Program Files (x86)\Bonjour(17)
2013-07-24 12:03 - 2013-06-03 18:47 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-24 12:03 - 2012-02-19 19:13 - 00000000 ____D C:\Users\andy\Desktop\PS3 Media Server
2013-07-24 12:03 - 2012-01-08 18:30 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 12:03 - 2011-04-04 23:17 - 00000000 ____D C:\Users\andy
2013-07-24 12:03 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 12:03 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 12:03 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 12:03 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-07-24 12:02 - 2006-11-02 14:33 - 90439680 _____ C:\Windows\system32\config\software_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 45088768 _____ C:\Windows\system32\config\components_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 31457280 _____ C:\Windows\system32\config\system_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00057344 _____ C:\Windows\system32\config\sam_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00020480 _____ C:\Windows\system32\config\security_previous
2013-07-24 11:54 - 2013-05-28 18:56 - 00000000 ____D C:\Users\andy\AppData\Roaming\Delta
2013-07-24 11:54 - 2013-03-11 20:47 - 00000000 ____D C:\Users\andy\AppData\Roaming\Kalenderchen
2013-07-24 11:54 - 2013-02-19 20:45 - 00000000 ____D C:\Users\andy\AppData\Local\iLivid
2013-07-24 11:54 - 2013-02-01 18:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-24 11:54 - 2013-02-01 18:03 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-24 11:54 - 2013-01-23 19:27 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSTATIK
2013-07-24 11:54 - 2012-12-30 18:49 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2013-07-24 11:54 - 2012-12-30 18:20 - 00000000 ____D C:\Users\andy\Documents\StarCraft II
2013-07-24 11:54 - 2012-07-21 13:08 - 00000000 ____D C:\Users\andy\AppData\Local\MicrosoftStore
2013-07-24 11:54 - 2012-07-01 20:44 - 00000000 ____D C:\Users\andy\AppData\Roaming\mp3DirectCut
2013-07-24 11:54 - 2012-05-14 22:03 - 00000000 ____D C:\Users\andy\AppData\Roaming\ICQ Search
2013-07-24 11:54 - 2012-02-17 19:08 - 00000000 ____D C:\Users\andy\AppData\Roaming\DVDVideoSoft
2013-07-24 11:54 - 2012-01-30 00:15 - 00000000 ____D C:\Users\andy\AppData\Local\Akamai
2013-07-24 11:54 - 2012-01-08 18:31 - 00000000 ____D C:\Users\andy\AppData\Roaming\PhotoScape
2013-07-24 11:54 - 2011-11-10 23:02 - 00000000 ____D C:\Users\andy\AppData\Local\PokerStars.EU
2013-07-24 11:54 - 2011-10-30 18:53 - 00000000 ____D C:\Users\andy\AppData\Roaming\gtk-2.0
2013-07-24 11:54 - 2011-10-30 18:39 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouWave_Android
2013-07-24 11:54 - 2011-09-08 22:20 - 00000000 ____D C:\Users\andy\AppData\Roaming\5025
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files\iTunes
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files\iPod
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-24 11:54 - 2011-06-14 17:48 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\ProgramData\Apple
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\Program Files\Bonjour
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-24 11:54 - 2011-06-14 15:03 - 00000000 ____D C:\AutoCAD Plant 3D 2011 Content
2013-07-24 11:54 - 2011-06-13 10:46 - 00000000 ____D C:\AiO-Files
2013-07-24 11:54 - 2011-05-26 22:38 - 00000000 ____D C:\Users\andy\AppData\Local\Microsoft Help
2013-07-24 11:54 - 2011-05-23 17:31 - 00000000 ____D C:\Users\andy\AppData\Local\PokerStars.NET
2013-07-24 11:54 - 2011-04-23 23:26 - 00000000 ____D C:\Users\andy\AppData\Roaming\ProtectDISC
2013-07-24 11:54 - 2011-04-21 07:24 - 00000000 ____D C:\Users\andy\AppData\Roaming\dvdcss
2013-07-24 11:54 - 2011-04-20 20:38 - 00000000 ____D C:\Users\andy\AppData\Roaming\vlc
2013-07-24 11:54 - 2011-04-08 15:22 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-24 11:54 - 2011-04-05 20:59 - 00000000 ____D C:\Users\andy\AppData\Roaming\Gutscheinmieze
2013-07-24 11:54 - 2011-04-05 19:25 - 00000000 ____D C:\Users\andy\Documents\UseNeXT
2013-07-24 11:54 - 2011-04-04 23:21 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-24 11:54 - 2011-04-04 23:17 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-24 11:54 - 2011-04-04 23:17 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-24 11:54 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2013-07-24 11:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2013-07-24 11:41 - 2011-04-04 23:08 - 01509939 _____ C:\Windows\WindowsUpdate.log
2013-07-24 11:22 - 2011-09-28 13:02 - 00001356 _____ C:\Users\andy\AppData\Local\d3d9caps.dat
2013-07-24 11:10 - 2008-01-21 05:26 - 07011402 _____ C:\Windows\PFRO.log
2013-07-24 11:01 - 2013-07-24 11:01 - 00000000 ____D C:\FRST
2013-07-23 12:11 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Filme
2013-07-23 12:09 - 2013-07-21 21:48 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-23 11:57 - 2013-02-16 14:03 - 00000000 ____D C:\Users\andy\AppData\Roaming\UseNeXT
2013-07-23 11:37 - 2009-01-23 12:39 - 00000000 ____D C:\Program Files (x86)\Acer Arcade Live
2013-07-23 11:25 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\Dirty
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\YVwAvuyo
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\QOzRNmaj
2013-07-23 11:24 - 2012-07-30 08:49 - 00000000 ____D C:\Users\andy\AppData\Local\{34E010AB-4EBA-4C22-80AA-8510855D73D4}
2013-07-21 21:51 - 2013-07-21 21:51 - 00000000 ____D C:\Users\andy\AppData\Roaming\FSC
2013-07-21 21:49 - 2006-11-02 15:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-21 21:49 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-21 15:44 - 2013-07-21 13:00 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner (2)
2013-07-20 19:10 - 2013-07-20 12:07 - 00000000 ____D C:\Users\andy\Desktop\Spartacus
2013-07-20 19:10 - 2011-08-18 21:22 - 00025473 _____ C:\Windows\setupact.log
2013-07-20 18:24 - 2013-07-20 18:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-20 18:23 - 2013-07-20 18:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update(0)
2013-07-20 18:03 - 2013-07-20 13:34 - 00000000 ____D C:\ProgramData\WindSolutions
2013-07-20 14:03 - 2012-01-08 18:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 13:35 - 2013-07-20 13:35 - 00000000 ____D C:\Users\andy\AppData\Roaming\WindSolutions
2013-07-20 13:33 - 2013-07-20 13:33 - 08249273 ____R C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
2013-07-20 13:21 - 2012-10-18 16:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 13:20 - 2013-07-20 13:20 - 00000952 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 13:07 - 2012-07-19 15:16 - 00000000 ____D C:\Users\andy\Desktop\Fotos
2013-07-20 12:44 - 2012-02-22 16:34 - 00000186 _____ C:\Users\andy\AppData\Roaming\wklnhst.dat
2013-07-20 12:41 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Musik
2013-07-20 12:40 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Programme
2013-07-20 12:27 - 2013-07-20 12:27 - 00001700 _____ C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
2013-07-20 12:27 - 2013-02-16 14:03 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-07-20 12:17 - 2006-11-02 17:42 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-20 12:10 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Spiele
2013-07-17 12:55 - 2012-04-26 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 21:55 - 2013-07-16 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-16 21:53 - 2012-11-17 23:59 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2013-07-16 16:02 - 2012-08-06 16:02 - 00000250 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2013-07-16 15:58 - 2012-01-08 18:30 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 15:58 - 2012-01-08 18:30 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 21:33 - 2013-07-10 21:33 - 00262144 _____ C:\Windows\Minidump\Mini071013-01.dmp
2013-07-10 21:33 - 2013-02-20 19:47 - 00000000 ____D C:\Windows\Minidump
2013-07-10 21:32 - 2013-02-20 19:47 - 652037851 _____ C:\Windows\MEMORY.DMP
2013-06-26 21:40 - 2013-06-26 21:40 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-26 21:40 - 2012-11-20 19:39 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-06-26 21:40 - 2012-11-19 18:14 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-26 21:40 - 2012-11-10 14:47 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-25 20:26 - 2013-06-18 21:15 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2013-06-25 20:21 - 2013-06-25 20:21 - 00000000 ____D C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338}

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\U
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106

ZeroAccess:
C:\Users\andy\AppData\Local\649deb8e
C:\Users\andy\AppData\Local\649deb8e\@
C:\Users\andy\AppData\Local\649deb8e\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-24 12:25

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2013
Ran by andy at 2013-07-24 12:44:59
Running from C:\Users\andy\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acer eDataSecurity Management (x32 Version: 3.0.3065)
Acer Empowering Technology (x32 Version: 3.0.3011)
Acer Product Registration (x32 Version: 3.0.0.10)
Acer ScreenSaver (x32 Version: 4.01.0718)
Activision(R) (x32 Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Ashampoo 3D CAD Professional 3 (x32 Version: 3.0.2)
ATI AVIVO64 Codecs (Version: 11.6.0.51118)
ATI Catalyst Registration (x32 Version: 3.00.0000)
ATI Problem Report Wizard (Version: 3.0.800.0)
AutoCAD Plant 3D 2011 Language Pack - Deutsch (Version: 2.0.37.00)
AVG Security Toolbar (x32 Version: 15.3.0.11)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Bing Bar (x32 Version: 6.3.2348.0)
Bing Bar Platform (x32 Version: 6.3.2348.0)
Bonjour (Version: 2.0.5.0)
C:\Program Files (x86)\Acer GameZone\GameConsole (x32 Version: 2.0.1.4)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0214.2218.39913)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.0214.2217.39913)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.0214.2217.39913)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.0214.2217.39913)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.0214.2217.39913)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.0214.2217.39913)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.0214.2217.39913)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.0214.2217.39913)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.0214.2217.39913)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.0214.2217.39913)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.0214.2217.39913)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.0214.2217.39913)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.0214.2217.39913)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.0214.2218.39913)
ccc-utility64 (Version: 2012.1219.1521.27485)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
DAEMON Tools Toolbar (x32 Version: 1.1.4.0024)
DATA BECKER BewerbungsGenie 7 (x32 Version: 6.0.10.49)
Delta toolbar   (x32 Version: 1.8.21.5)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dishonored German (c) Bethesda version 1 (x32 Version: 1)
Document Express DjVu Plug-in (x32 Version: 6.1.27549)
Dolby Control Center (Version: 1.1.0601)
dolp_demo (x32 Version: 1.0.0.0)
DraftSight (x32 Version: 8.4.274)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
EDIMAX Edimax Wireless LAN (x32 Version: 1.0.3.0)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Event Manager (x32 Version: 2.30.00)
Epson Print CD (x32 Version: 2.00.00)
Epson Printer Software Downloader (x32 Version: 2.0.0)
Epson Printer Software Downloader (x32)
EPSON Scan (x32)
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch (x32)
EpsonNet Print (x32 Version: 2.4i)
EpsonNet Setup (x32 Version: 3.1a)
eSobi v2 (x32 Version: 2.0.3.000201)
FINAL FANTASY VII (x32 Version: 1.0)
FluidSIM 4.2n Pneumatik Demoversion (x32)
FoxTab Media Player (HKCU)
Free MP4 Video Converter version 5.0.24.430 (x32 Version: 5.0.24.430)
Free-Jahreskalender 2013 (x32 Version: 9.00.2013)
Geeks3D.com FurMark 1.9.0 (x32)
Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0 (x32 Version: 1.0)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Update Helper (x32 Version: 1.3.21.153)
HydraVision (x32 Version: 4.2.184.0)
IB Updater Service (Version: 3.0.5.4)
Ice Age 3 Die Dinosaurier sind los(TM) (x32 Version: 1.00.0000)
iLivid (x32 Version: 4.0.0.2466)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004)
iTunes (Version: 10.3.1.55)
Java Auto Updater (x32 Version: 2.1.5.3)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
Java(TM) 7 Update 2 (x32 Version: 7.0.20)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kalenderchen 5 (x32)
LEGO® Star Wars™: Die Komplette Saga (x32 Version: 1.00.0000)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access database engine 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 08.05.0822)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
minimal arts - Toolbar für amazon.de (x32 Version: 1.0.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NTI Backup Now 5 (x32 Version: 5.1.2.616)
NTI Backup Now Standard (x32 Version: 5.1.2.616)
NTI Media Maker 8 (x32 Version: 8.0.2.6509)
NVIDIA Drivers
NVIDIA PhysX (x32 Version: 9.09.1112)
ON PX710W Series Printer Uninstall
PassportPhoto (remove) (HKCU)
phonostar-Player Version 3.02.7 (x32)
PokerStars.eu (x32)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
PS3 Media Server (x32 Version: 1.52.1)
QuickTime (x32 Version: 7.73.80.64)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5704)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0175)
Rockstar Games Social Club (x32 Version: 1.0.9.5)
Screenshot Captor 2.88.01 (x32)
Segoe UI (x32 Version: 15.4.2271.0615)
StarCraft II (x32 Version: 2.0.8.25604)
Streamripper (Remove only) (x32)
Sweet Home 3D version 4.0 (x32)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007)
SweetPacks bundle uninstaller (x32 Version: 1.0.0000)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000)
The War Z version 1.0 (x32 Version: 1.0)
Trojan Killer (x32 Version: 2.1.5.4)
Uniblue RegistryBooster 2010 (x32)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
UseNeXT by Tangysoft (x32)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 0.9.9 (x32 Version: 0.9.9)
Web Assistant 2.0.0.478 (Version: 2.0.0.478)
WhiteCap (x32 Version: 5.7.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8050.1202)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinFunktion Mathematik plus 19 (x32 Version: 1.00.0000)
WinRAR 4.00 (64-Bit) (Version: 4.00.0)
WinX Free MP4 to WMV Converter 4.1.3 (x32)
World of Tanks v.0.7.1 (x32)
XP Codec Pack (x32)

==================== Restore Points  =========================

21-06-2013 12:10:17 Geplanter Prüfpunkt
20-07-2013 12:34:51 Geplanter Prüfpunkt
20-07-2013 16:06:49 Removed Apple Application Support
20-07-2013 16:07:37 Removed Apple Software Update
20-07-2013 16:08:02 Removed Bonjour
20-07-2013 16:09:05 Removed iTunes
20-07-2013 16:12:02 Removed QuickTime
20-07-2013 16:22:08 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
20-07-2013 16:22:42 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
20-07-2013 16:23:22 Installed iTunes
21-07-2013 12:06:56 Geplanter Prüfpunkt
21-07-2013 19:49:57 Installed Free MKV to MP4 Converter
24-07-2013 09:46:12 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0FAB4149-C18F-4330-8DB0-14FA898BB2FD} - System32\Tasks\EPUpdater => C:\Users\andy\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-05-09] ()
Task: {1407D4DE-8E14-45FC-9B72-87E1ADB83CB7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1ADF0A84-9505-405C-AF6E-85C18D440FFF} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23] (SEIKO EPSON CORPORATION)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {37819B81-B5B6-4DA8-8C61-22CFE4F665A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe No File
Task: {4E7BD2E8-BBC9-4AB5-AEE2-DE6057348886} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {5AD377E2-BAC0-4C22-B9A1-CD0808331AC6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-09-30] (Sun Microsystems, Inc.)
Task: {6C5F1E5E-DA7F-4D02-908D-132AE0B63619} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B743BA1-1E7F-4EC2-95C4-9BBEE1892D96} - System32\Tasks\DSite => C:\Users\andy\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {922531D1-EC78-477B-8E1E-3D87ECAEDF43} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {A10CCCD9-C249-43D9-ADFE-40C3791823B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B937F521-5611-4ECF-AC58-C1FAFCDE78B0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {BCB5E6E2-48A5-42EE-92BD-668EBB00F6CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08] (Google Inc.)
Task: {D0EDC67A-3F36-4AFB-B73E-6936137AFC1B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DF71AB72-180F-4664-9D6C-2B78E1413FA1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{1BEE157C-8355-4D7B-B940-5B5F742ACEEE}.exe No File
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F40A7189-5D64-48E2-9696-4E5ED133B997} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{1BEE157C-8355-4D7B-B940-5B5F742ACEEE}.exe
Task: C:\Windows\Tasks\DSite.job => ?
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2013 00:08:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 00:08:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 00:05:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 11:46:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Zugriff verweigert

Error: (07/24/2013 11:43:02 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 11:43:02 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 11:41:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 11:22:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 11:13:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 11:13:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.


System errors:
=============
Error: (07/24/2013 00:44:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:44:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:34:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:34:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:24:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:24:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:14:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:14:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 00:06:52 PM) (Source: Service Control Manager) (User: )
Description: PnP-X-IP-BusauflistungFunktionssuchanbieter-Host%%1058

Error: (07/24/2013 00:05:08 PM) (Source: Service Control Manager) (User: )
Description: ntiomin


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-23 13:25:30.280
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:30.186
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:30.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.983
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.890
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.796
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.531
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-23 13:25:29.328
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 8190.32 MB
Available physical RAM: 5745.76 MB
Total Pagefile: 16577.63 MB
Available Pagefile: 13766.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:458.46 GB) (Free:211.15 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:458.41 GB) (Free:410.1 GB) NTFS (Disk=0 Partition=3)
Drive e: (My Disc) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 676C2876)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
so die letzen zwei müüsen richtig sein .

Was muss ich jetzt tun?

Alt 24.07.2013, 12:02   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! - Standard

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!



Dein Rechner ist gant schön verseucht. Wir können den bereinigen. Aber alle Fotos und andere Sachen, die veschlüsselt sind, sind futsch. Keine Chance die zu entschlüsseln.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.07.2013, 12:28   #6
Andy1987x
 
Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! - Standard

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!



Und jetzt.... ich brauche die Fotos!

Kann man gar nix mehr machen?

Alt 24.07.2013, 14:39   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! - Standard

Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!



Nein. Die Entschlüsselungscodes hierfür liegen auf Online-Servern der Malware-Schreiber. Diese sind aber offline, also keine Chance da ran zu kommen.

Du kannst die irgendwo speichern. Vielleicht hast Du Glück, irgendwann kommt ne neue Infektionswelle und man erwischt nen Dropper der auf nen noch gültigen Server linkt, dann kann man evtl an den Code rankommen.

Das Einzige was wir hier machen können ist den Rechner bereinigen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!
akamai, antivir, avg security toolbar, avira, becker, bho, bonjour, cid, converter, desktop, error, firefox, flash player, home, install.exe, logfile, mozilla, mp3, object, plug-in, preferences, problem, realtek, scan, secure search, senden, software, trojaner, usb, virus, vista, visual studio, vtoolbarupdater




Ähnliche Themen: Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!


  1. Dirty Decrypt
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (13)
  2. Adserverplus Virus, kann ich leider nicht löschen und bitte um Hilfe
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (9)
  3. Kann Dateien nach Virus nicht mehr öffnen HILFE BITTE
    Log-Analyse und Auswertung - 13.06.2012 (1)
  4. Windows-Verschlüsselung Trojaner - Bitte um Hilfe
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (11)
  5. Bitte um Hilfe,mein Avira zeigt alle 2 minuten Trojaner an
    Plagegeister aller Art und deren Bekämpfung - 24.06.2009 (5)
  6. kann malware nicht entfernen. bitte hilfe!!!
    Plagegeister aller Art und deren Bekämpfung - 20.04.2009 (1)
  7. Virus/Trojaner nicht löschbar (Fehler beim löschen) Bitte um Hilfe
    Log-Analyse und Auswertung - 16.12.2008 (0)
  8. TR/Vundo.Gen Trojaner den ich nicht löschen kann bitte um Hilfe
    Log-Analyse und Auswertung - 08.10.2008 (1)
  9. Alle Desktopsymbole sind weg kann nichts mehr machen, bitte um Hilfe...
    Plagegeister aller Art und deren Bekämpfung - 19.06.2008 (6)
  10. Toolbar selbst installiert - kann nicht entfernt werden - Bitte um Hilfe
    Plagegeister aller Art und deren Bekämpfung - 29.07.2007 (11)
  11. trojaner/virus nicht löschbar!! bitte hilfe :(
    Antiviren-, Firewall- und andere Schutzprogramme - 19.06.2007 (14)
  12. Kann trojaner nicht löschen-bitte hilfe!
    Log-Analyse und Auswertung - 13.04.2006 (10)
  13. Logfile - kann es nicht interpretieren - Bitte um Hilfe
    Log-Analyse und Auswertung - 07.02.2006 (2)
  14. BITTE HILFE, das kann doch nicht sein
    Alles rund um Windows - 19.01.2006 (58)
  15. kann Internet Explorer Startseite nicht änden. Bitte um Hilfe
    Log-Analyse und Auswertung - 29.10.2005 (14)
  16. Bitte um Hilfe: kann Wurm nicht finden
    Log-Analyse und Auswertung - 11.08.2005 (2)
  17. Ich kann Netbios nicht abschalten,bitte um Hilfe
    Alles rund um Windows - 21.02.2005 (5)

Zum Thema Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! - OTL logfile created on: 24.07.2013 12:14:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andy\Desktop\Neuer Ordner 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!...
Archiv
Du betrachtest: Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.