Trojaner-Board - Trojan.Ramson.Gen

Hallo, hier der Inhalt der Textdatei von OTL.
Vielen Dank für Antwort.
lg
7hofer

OTL Logfile:

Code:

OTL logfile created on: 19.09.2012 19:37:02 - Run 1

OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Christian\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

1,74 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,64% Memory free

3,61 Gb Paging File | 0,85 Gb Available in Paging File | 23,58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284,99 Gb Total Space | 136,26 Gb Free Space | 47,81% Space Free | Partition Type: NTFS

 

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.19 19:31:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe

PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.08.11 08:45:49 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

PRC - [2012.08.11 08:45:48 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.08.11 08:45:48 | 000,304,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe

PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.02 00:22:53 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe

PRC - [2011.11.01 16:40:04 | 001,053,056 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

PRC - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

PRC - [2011.10.27 11:33:32 | 000,148,016 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

PRC - [2011.10.27 11:33:14 | 000,151,088 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclIVTBTSrv.exe

PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.02.13 11:19:15 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe

PRC - [2010.10.20 13:52:41 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe

PRC - [2010.08.23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2010.06.29 00:22:46 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe

PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe

PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe

PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2009.09.02 09:44:22 | 000,315,478 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2009.09.02 09:41:24 | 001,466,476 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.06.15 18:07:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012.06.15 18:07:17 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012.05.13 18:46:30 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll

MOD - [2012.05.13 18:44:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012.05.13 18:43:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012.05.13 18:43:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012.05.13 18:43:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012.05.13 18:43:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012.05.13 18:43:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011.11.01 16:42:14 | 000,392,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll

MOD - [2011.11.01 16:42:12 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll

MOD - [2011.11.01 16:42:08 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll

MOD - [2011.11.01 16:42:06 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll

MOD - [2011.11.01 16:41:38 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll

MOD - [2011.11.01 16:41:36 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll

MOD - [2011.11.01 16:41:34 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll

MOD - [2011.11.01 16:41:32 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll

MOD - [2011.11.01 16:41:30 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll

MOD - [2011.11.01 16:41:24 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll

MOD - [2011.11.01 16:41:22 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll

MOD - [2011.11.01 16:41:20 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll

MOD - [2011.11.01 16:41:18 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll

MOD - [2011.11.01 16:41:16 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll

MOD - [2011.11.01 16:41:14 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll

MOD - [2011.11.01 16:41:12 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll

MOD - [2011.11.01 16:41:10 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll

MOD - [2011.11.01 16:41:06 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll

MOD - [2011.11.01 16:40:56 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll

MOD - [2011.11.01 16:40:54 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll

MOD - [2011.11.01 16:40:52 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll

MOD - [2011.11.01 16:40:08 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll

MOD - [2011.11.01 16:40:00 | 000,438,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll

MOD - [2011.11.01 16:39:36 | 001,041,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll

MOD - [2011.11.01 16:39:06 | 000,740,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll

MOD - [2011.11.01 15:57:42 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll

MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.10.20 13:52:41 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe

MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.08.15 19:27:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.08.07 13:21:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.02.13 11:19:15 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)

SRV - [2010.10.08 22:24:28 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009.09.02 09:46:18 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2009.09.02 09:41:24 | 001,466,476 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.11.16 13:02:21 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)

DRV:64bit: - [2011.11.16 13:02:17 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)

DRV:64bit: - [2011.11.16 13:02:17 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)

DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.08.17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2011.08.17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2011.08.17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2011.08.17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.17 21:27:49 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011.02.17 21:27:49 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011.02.17 21:27:49 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011.02.17 21:27:49 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011.02.17 21:27:49 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010.07.21 17:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2010.05.07 06:34:48 | 000,032,256 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)

DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.10.22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\67230212.sys -- (67230212)

DRV:64bit: - [2009.10.22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\48158582.sys -- (48158582)

DRV:64bit: - [2009.10.22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\41502502.sys -- (41502502)

DRV:64bit: - [2009.10.22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\10158242.sys -- (10158242)

DRV:64bit: - [2009.10.09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\4815858.sys -- (setup_9.0.0.722_04.07.2012_12-35drv)

DRV:64bit: - [2009.09.25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\67230211.sys -- (67230211)

DRV:64bit: - [2009.09.25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\48158581.sys -- (48158581)

DRV:64bit: - [2009.09.25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\41502501.sys -- (41502501)

DRV:64bit: - [2009.09.25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\10158241.sys -- (10158241)

DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009.08.28 16:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)

DRV:64bit: - [2009.08.28 16:04:44 | 000,047,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)

DRV:64bit: - [2009.08.26 11:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)

DRV:64bit: - [2009.08.26 11:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV:64bit: - [2009.08.26 11:16:44 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)

DRV:64bit: - [2009.08.26 11:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.17 14:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)

DRV:64bit: - [2009.06.17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2007.11.08 11:29:22 | 000,527,872 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009.06.17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.11.08 11:30:08 | 000,454,656 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PAC7302.sys -- (PAC7302)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=171&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=171&systemid=406&sr=0&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\SearchScopes\{2CE6F823-A451-4969-AD4F-7E3C65A81B79}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F6AA327E-AF5E-44EF-BF91-8B52673F3681&apn_sauid=C19FFC73-755A-4B8C-9A27-6A0D0D7F57B2

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=171&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\SearchScopes\{B1FBF42D-BEB8-401E-8088-44EFDB48D20E}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deAT432

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\..\SearchScopes,DefaultScope = {75CA330F-C88D-4494-9337-B6B17F243246}

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\..\SearchScopes\{75CA330F-C88D-4494-9337-B6B17F243246}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\..\SearchScopes\{B1FBF42D-BEB8-401E-8088-44EFDB48D20E}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de

IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "https://www.google.at/"

FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.14.1.0

FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=171&systemid=406&sr=0&q="

FF - prefs.js..network.proxy.type: 0

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "https://www.google.at/"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_6.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2011.12.18 19:11:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Christian\AppData\Local\RewardsArcade\498\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 13:21:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.02 21:39:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2011.05.22 15:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions

[2012.09.18 08:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\wm32e4ew.default\extensions

[2012.08.10 19:28:07 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\wm32e4ew.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

[2012.07.10 03:13:33 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\wm32e4ew.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2012.09.18 08:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\wm32e4ew.default\extensions\staged

[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\wm32e4ew.default\searchplugins\askcom.xml

[2012.03.11 13:05:55 | 000,002,519 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\wm32e4ew.default\searchplugins\Search_Results.xml

[2012.07.09 08:46:32 | 000,003,997 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\wm32e4ew.default\searchplugins\sweetim.xml

[2012.07.11 06:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.08.07 13:21:34 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010.10.13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.11 13:05:55 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3:64bit: - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001..\Run: []  File not found

O4 - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKU\S-1-5-21-2507537638-1687071285-4268118958-1003..\Run: [] C:\Users\Silvia\AppData\Local\Temp\zfguvbsoiblghw.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk =  File not found

O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.07.2012_12-35.lnk = C:\Users\Christian\Desktop\DE-Cleaner powered by Kaspersky1\setup_9.0.0.722_04.07.2012_12-35\startup.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab (Java Plug-in 1.4.2_19)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E5DF62D-267D-49EA-973C-16C3D99FC23A}: DhcpNameServer = 10.0.0.138 10.0.0.138

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: SMR162 - Service

SafeBootNet:64bit: SMR300 - Service

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: SMR162 - Service

SafeBootNet: SMR300 - Service

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.19 19:32:32 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe

[2012.09.18 06:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.19 19:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.09.19 19:31:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe

[2012.09.19 19:08:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.19 18:48:16 | 000,005,052 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI

[2012.09.19 18:48:11 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe

[2012.09.19 18:48:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.09.19 18:22:25 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.19 06:48:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\twabt.pad

[2012.09.18 23:55:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.18 23:55:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.18 20:08:14 | 000,000,921 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini

[2012.09.18 20:08:14 | 000,000,104 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI

[2012.09.18 07:01:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll

[2012.09.18 07:01:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2012.09.18 07:01:16 | 1401,978,880 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.18 06:58:56 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll

[2012.09.18 06:58:32 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe

[2012.09.18 06:37:34 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.09.17 22:00:27 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.16 17:58:59 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.09.16 17:58:59 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.09.16 17:58:59 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.09.16 17:58:59 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.09.16 17:58:58 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.17 21:54:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\twabt.pad

[2012.05.22 20:04:07 | 000,000,257 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI

[2012.05.22 20:03:48 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI

[2012.05.22 19:41:45 | 000,005,052 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI

[2012.05.22 19:41:36 | 000,000,104 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI

[2012.05.22 19:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI

[2012.02.14 21:56:54 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe

[2012.02.14 21:53:08 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2011.12.20 10:22:32 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe

[2011.11.07 20:45:32 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI

[2011.11.07 20:24:34 | 000,006,144 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.03.25 18:52:37 | 000,000,291 | ---- | C] () -- C:\Windows\SysWow64\Remover.ini

[2011.03.25 18:52:32 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini

[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011.01.01 11:26:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.12.05 20:28:30 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.10.20 13:52:47 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2010.10.20 13:52:47 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe

[2010.10.20 13:52:47 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini

[2010.09.24 08:52:54 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010.09.24 08:52:54 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010.09.24 08:52:54 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010.09.24 08:52:54 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010.09.24 08:52:53 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010.09.24 08:00:00 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll

[2010.09.24 07:59:09 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

 
 ========== ZeroAccess Check ==========

 

[2011.10.29 21:03:22 | 003,239,936 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2507537638-1687071285-4268118958-1001\$RBTJAXR\Radio Bemba Sound System\11-EZLN...Para tod@s todo.mp3

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 
 ========== LOP Check ==========

 

[2011.12.28 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Azureus

[2011.05.20 17:03:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe_Limited

[2012.02.12 11:46:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon

[2010.12.15 20:44:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Desktopicon

[2012.03.25 11:48:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon

[2012.03.25 11:50:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft

[2012.04.14 14:28:19 | 000,000,000 | -H-D | M] -- C:\Users\Christian\AppData\Roaming\IFViewer

[2011.08.06 09:53:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nikon

[2010.12.29 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org

[2012.02.19 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OTRHomeloader

[2011.12.18 19:12:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite

[2012.02.19 20:22:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Raptr

[2011.06.04 10:16:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung

[2012.02.19 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Shareaza

[2012.07.21 08:15:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client

[2011.11.19 21:30:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird

[2010.12.05 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP

[2011.06.15 18:35:06 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Amazon

[2011.12.23 10:44:51 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Canneverbe_Limited

[2012.02.12 11:22:23 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Canon

[2012.09.07 20:48:40 | 000,000,000 | -H-D | M] -- C:\Users\Silvia\AppData\Roaming\IFViewer

[2010.12.24 11:07:44 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\OpenOffice.org

[2011.12.19 02:18:33 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\PC Suite

[2011.06.04 10:07:15 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Samsung

[2012.09.17 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\SoftGrid Client

[2011.11.20 15:54:19 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Thunderbird

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.12.05 20:13:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe

[2012.05.16 19:48:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Avira

[2011.12.28 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Azureus

[2011.05.20 17:03:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe_Limited

[2012.02.12 11:46:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon

[2010.12.15 20:44:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Desktopicon

[2012.03.25 11:48:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon

[2012.03.25 11:50:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft

[2011.05.22 10:45:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Google

[2010.12.05 19:15:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities

[2012.04.14 14:28:19 | 000,000,000 | -H-D | M] -- C:\Users\Christian\AppData\Roaming\IFViewer

[2010.12.05 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Intel Corporation

[2010.12.05 19:16:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia

[2012.07.09 08:50:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes

[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs

[2012.07.12 06:35:09 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft

[2011.05.22 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla

[2012.02.29 19:03:26 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\NCH Software

[2011.08.06 09:53:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nikon

[2010.12.29 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org

[2012.02.19 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OTRHomeloader

[2011.12.18 19:12:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite

[2012.02.19 20:22:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Raptr

[2011.06.04 10:16:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung

[2012.02.19 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Shareaza

[2012.04.15 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Skype

[2012.07.21 08:15:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client

[2011.11.19 21:30:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird

[2010.12.05 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP

 
 < %APPDATA%\*.exe /s >

[2011.12.20 23:02:35 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Christian\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe

[2010.12.15 20:44:17 | 000,031,836 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Desktopicon\uninst.exe

[2012.03.25 11:48:47 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe

[2007.08.29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe

[2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 
 < MD5 for: AGP440.SYS  >

[2003.06.19 13:05:04 | 006,586,449 | ---- | M] () .cab file -- C:\Daten\Downloads Updates\W2K-SP\SP4\i386\new\sp4.cab:AGP440.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Daten\Windws XP\VRMHOEM_DE (E)\I386\sp2.cab:AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2003.06.19 13:05:04 | 006,586,449 | ---- | M] () .cab file -- C:\Daten\Downloads Updates\W2K-SP\SP4\i386\new\sp4.cab:atapi.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Daten\Windws XP\VRMHOEM_DE (E)\I386\sp2.cab:atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2010.04.13 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys

[2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys

[2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys

[2010.04.13 03:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2011.05.14 08:34:15 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2011.05.14 08:34:15 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2012.06.29 02:27:10 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

[2011.05.14 08:34:15 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 < %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >

[2012.07.12 06:30:49 | 000,000,174 | -HS- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

[2010.12.29 20:51:54 | 000,001,243 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

[2012.07.06 09:21:34 | 000,002,363 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.07.2012_12-35.lnk

 
 < %APPDATA%\*AcroIEH*.* >

 
 < %APPDATA%\*.exe >

 
 < %APPDATA%\*.tmp >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 16 bytes -> C:\Users\Christian\Downloads:Shareaza.GUID
 

< End of report >

--- --- ---

Hallo, also nochmal vielen Dank für die ausführliche Anleitung.

Hier die einzelnen Logfiles:

Vielen Dank
lg
7hofer

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2CE6F823-A451-4969-AD4F-7E3C65A81B79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CE6F823-A451-4969-AD4F-7E3C65A81B79}\ not found.
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B1FBF42D-BEB8-401E-8088-44EFDB48D20E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1FBF42D-BEB8-401E-8088-44EFDB48D20E}\ not found.
HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\Software\Microsoft\Internet Explorer\SearchScopes\{75CA330F-C88D-4494-9337-B6B17F243246}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75CA330F-C88D-4494-9337-B6B17F243246}\ not found.
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B1FBF42D-BEB8-401E-8088-44EFDB48D20E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1FBF42D-BEB8-401E-8088-44EFDB48D20E}\ not found.
HKU\S-1-5-21-2507537638-1687071285-4268118958-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "https://www.google.at/" removed from browser.startup.homepage
Prefs.js: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.14.1.0 removed from extensions.enabledAddons
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=171&systemid=406&sr=0&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "Ask.com" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "Google" removed from sweetim.toolbar.previous.browser.search.selectedEngine
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk moved successfully.
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.07.2012_12-35.lnk moved successfully.
C:\Users\Christian\Desktop\DE-Cleaner powered by Kaspersky1\setup_9.0.0.722_04.07.2012_12-35\startup.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1003\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\SysWow64\sho32EF.tmp deleted successfully.
C:\Windows\SysWow64\sho5C05.tmp deleted successfully.
C:\Windows\SysWow64\sho721.tmp deleted successfully.
C:\ProgramData\twabt.pad moved successfully.
Unable to delete ADS C:\Users\Christian\Downloads:Shareaza.GUID .
C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\wm32e4ew.default\searchplugins\askcom.xml moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\wm32e4ew.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\wm32e4ew.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Christian\*.tmp not found.
File\Folder C:\Users\Christian\AppData\Local\{*} not found.
C:\Users\Christian\AppData\Local\Temp\ApnStub.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\jinstaller142_19.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\mp3el.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\mp3el2.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\MSETUP4.EXE moved successfully.
C:\Users\Christian\AppData\Local\Temp\MSN59F4.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\openssl.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\prismsetup.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\raptrpatch.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\scs.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\Shortcut_sweetimsetup.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\SIMEEIInstaller.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\uninst.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\vpsetup.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\zipsetup.exe moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Christian\Desktop\cmd.bat deleted successfully.
C:\Users\Christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian
->Temp folder emptied: 687395736 bytes
->Temporary Internet Files folder emptied: 511596304 bytes
->FireFox cache emptied: 192838010 bytes
->Flash cache emptied: 15503 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Silvia
->Temp folder emptied: 724494529 bytes
->Temporary Internet Files folder emptied: 329817901 bytes
->Java cache emptied: 4128145 bytes
->FireFox cache emptied: 1138040691 bytes
->Flash cache emptied: 82273 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 379856735 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 7609518365 bytes

Total Files Cleaned = 11.042,00 mb

OTL by OldTimer - Version 3.2.64.0 log created on 09222012_094603

Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Silvia\AppData\Local\Temp\CVHLauncher(2012092209310816B0).log not found!
File\Folder C:\Users\Silvia\AppData\Local\Temp\Einverständiserklärung WW_05_09.doc not found!
C:\Users\Silvia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Silvia\AppData\Local\Temp\~DFF27ED07322277618.TMP not found!
C:\Users\Silvia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7E9589EA-5EC9-4FF5-A28E-E193DF24662A}.tmp moved successfully.
C:\Users\Silvia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{97C209A0-4B64-48A1-9994-C28214DB905B}.tmp moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: CHRISTIAN-PC [Administrator]

22.09.2012 11:21:10
mbam-log-2012-09-22 (11-21-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 412633
Laufzeit: 2 Stunde(n), 11 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

# AdwCleaner v2.002 - Datei am 09/22/2012 um 14:02:09 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\DealPly
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\Users\Christian\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Christian\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Christian\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Christian\AppData\Roaming\Desktopicon
Ordner Gefunden : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\ConduitCommon
Ordner Gefunden : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gefunden : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\extensions\staged
Ordner Gefunden : C:\Users\Silvia\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\prefs.js

Gefunden : user_pref("CT2504091..clientLogIsEnabled", false);
Gefunden : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Gefunden : user_pref("CT2504091.CTID", "CT2504091");
Gefunden : user_pref("CT2504091.CurrentServerDate", "19-9-2012");
Gefunden : user_pref("CT2504091.DSInstall", false);
Gefunden : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2504091.DialogsGetterLastCheckTime", "Mon Sep 17 2012 22:23:26 GMT+0200");
Gefunden : user_pref("CT2504091.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2504091.EMailNotifierPollDate", "Tue Dec 20 2011 22:11:30 GMT+0100");
Gefunden : user_pref("CT2504091.EnableClickToSearchBox", false);
Gefunden : user_pref("CT2504091.EnableSearchHistory", false);
Gefunden : user_pref("CT2504091.EnableSearchSuggest", false);
Gefunden : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Gefunden : user_pref("CT2504091.FeedPollDate128891351169457140", "Tue Dec 20 2011 21:56:29 GMT+0100");
Gefunden : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Dec 20 2011 21:56:29 GMT+0100");
Gefunden : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Gefunden : user_pref("CT2504091.FirstServerDate", "20-12-2011");
Gefunden : user_pref("CT2504091.FirstTime", true);
Gefunden : user_pref("CT2504091.FirstTimeFF3", true);
Gefunden : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2504091.HPInstall", false);
Gefunden : user_pref("CT2504091.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2504091.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2504091.HomepageBeforeUnload", "hxxp://www.google.at/");
Gefunden : user_pref("CT2504091.Initialize", true);
Gefunden : user_pref("CT2504091.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2504091.InstallationId", "ConduitNSISIntegration");
Gefunden : user_pref("CT2504091.InstallationType", "ConduitXPEIntegration");
Gefunden : user_pref("CT2504091.InstalledDate", "Tue Dec 20 2011 21:56:28 GMT+0100");
Gefunden : user_pref("CT2504091.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2504091.IsGrouping", false);
Gefunden : user_pref("CT2504091.IsInitSetupIni", true);
Gefunden : user_pref("CT2504091.IsMulticommunity", false);
Gefunden : user_pref("CT2504091.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2504091.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2504091.LanguagePackLastCheckTime", "Wed Sep 19 2012 06:52:24 GMT+0200");
Gefunden : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2504091.LastLogin_3.13.0.6", "Tue Jul 17 2012 07:38:56 GMT+0200");
Gefunden : user_pref("CT2504091.LastLogin_3.14.1.0", "Wed Sep 19 2012 18:15:36 GMT+0200");
Gefunden : user_pref("CT2504091.LastLogin_3.8.1.0", "Wed Dec 21 2011 22:15:24 GMT+0100");
Gefunden : user_pref("CT2504091.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2504091.Locale", "en-us");
Gefunden : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2504091.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2504091.OriginalFirstVersion", "3.8.1.0");
Gefunden : user_pref("CT2504091.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2504091.SearchBackToDefaultEngine", false);
Gefunden : user_pref("CT2504091.SearchCaption", "Web Search");
Gefunden : user_pref("CT2504091.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Gefunden : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gefunden : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Sep 19 2012 18:15:15 GMT+0200");
Gefunden : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2504091.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2504091.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2504091.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Gefunden : user_pref("CT2504091.ServiceMapLastCheckTime", "Wed Sep 19 2012 18:15:23 GMT+0200");
Gefunden : user_pref("CT2504091.SettingsLastCheckTime", "Wed Sep 19 2012 18:16:37 GMT+0200");
Gefunden : user_pref("CT2504091.SettingsLastUpdate", "1347715795");
Gefunden : user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13");
Gefunden : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Tue Dec 20 2011 21:56:27 GMT+0100");
Gefunden : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
Gefunden : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Gefunden : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2504091.UserID", "UN46660651023580388");
Gefunden : user_pref("CT2504091.ValidationData_Toolbar", 1);
Gefunden : user_pref("CT2504091.alertChannelId", "897164");
Gefunden : user_pref("CT2504091.approveUntrustedApps", false);
Gefunden : user_pref("CT2504091.autoDisableScopes", -1);
Gefunden : user_pref("CT2504091.components.1000034", false);
Gefunden : user_pref("CT2504091.components.129079840422182852", false);
Gefunden : user_pref("CT2504091.components.129079840422339107", false);
Gefunden : user_pref("CT2504091.components.129079840422964131", false);
Gefunden : user_pref("CT2504091.components.129079849636241789", false);
Gefunden : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Tue Dec 20 2011 21:56:28 GMT+0100");
Gefunden : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2504091.initDone", true);
Gefunden : user_pref("CT2504091.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2504091.isSearchProtectorNotifyChanges", false);
Gefunden : user_pref("CT2504091.myStuffEnabled", true);
Gefunden : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2504091.revertSettingsEnabled", true);
Gefunden : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2504091.testingCtid", "");
Gefunden : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Mon Sep 17 2012 22:23:26 GMT+0200");
Gefunden : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Tue Dec 20 2011 21:56:30 GMT+0100");
Gefunden : user_pref("CT2504091.undefined", "Tue Dec 20 2011 21:56:29 GMT+0100");
Gefunden : user_pref("CT2504091.usageEnabled", false);
Gefunden : user_pref("CT2504091.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/AT", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Christian\\AppData\\Roaming\\Mozill[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
Gefunden : user_pref("CommunityToolbar.globalUserId", "005a38a1-236a-4063-8419-00d5d7a2ad31");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 20 2011 21:56:3[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Dec 20 2011 22:59:23 GMT+010[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 20 2011 21:56:28 GMT+0100");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "3bc24607-dde7-4b36-99a2-906dff30bb73");
Gefunden : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.at/");
Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appi[...]
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxps://www.google.at/");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={6448[...]

Profilname : default
Datei : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\hbmif147.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [16982 octets] - [22/09/2012 14:02:09]

########## EOF - C:\AdwCleaner[R1].txt - [17043 octets] ##########

# AdwCleaner v2.002 - Datei am 09/22/2012 um 14:03:46 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Desktopicon
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\ConduitCommon
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\extensions\staged
Ordner Gelöscht : C:\Users\Silvia\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\prefs.js

C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2504091..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Gelöscht : user_pref("CT2504091.CTID", "CT2504091");
Gelöscht : user_pref("CT2504091.CurrentServerDate", "19-9-2012");
Gelöscht : user_pref("CT2504091.DSInstall", false);
Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2504091.DialogsGetterLastCheckTime", "Mon Sep 17 2012 22:23:26 GMT+0200");
Gelöscht : user_pref("CT2504091.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Tue Dec 20 2011 22:11:30 GMT+0100");
Gelöscht : user_pref("CT2504091.EnableClickToSearchBox", false);
Gelöscht : user_pref("CT2504091.EnableSearchHistory", false);
Gelöscht : user_pref("CT2504091.EnableSearchSuggest", false);
Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457140", "Tue Dec 20 2011 21:56:29 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Dec 20 2011 21:56:29 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Gelöscht : user_pref("CT2504091.FirstServerDate", "20-12-2011");
Gelöscht : user_pref("CT2504091.FirstTime", true);
Gelöscht : user_pref("CT2504091.FirstTimeFF3", true);
Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2504091.HPInstall", false);
Gelöscht : user_pref("CT2504091.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2504091.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2504091.HomepageBeforeUnload", "hxxp://www.google.at/");
Gelöscht : user_pref("CT2504091.Initialize", true);
Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2504091.InstallationId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2504091.InstallationType", "ConduitXPEIntegration");
Gelöscht : user_pref("CT2504091.InstalledDate", "Tue Dec 20 2011 21:56:28 GMT+0100");
Gelöscht : user_pref("CT2504091.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2504091.IsGrouping", false);
Gelöscht : user_pref("CT2504091.IsInitSetupIni", true);
Gelöscht : user_pref("CT2504091.IsMulticommunity", false);
Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Wed Sep 19 2012 06:52:24 GMT+0200");
Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2504091.LastLogin_3.13.0.6", "Tue Jul 17 2012 07:38:56 GMT+0200");
Gelöscht : user_pref("CT2504091.LastLogin_3.14.1.0", "Wed Sep 19 2012 18:15:36 GMT+0200");
Gelöscht : user_pref("CT2504091.LastLogin_3.8.1.0", "Wed Dec 21 2011 22:15:24 GMT+0100");
Gelöscht : user_pref("CT2504091.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2504091.Locale", "en-us");
Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2504091.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2504091.OriginalFirstVersion", "3.8.1.0");
Gelöscht : user_pref("CT2504091.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2504091.SearchBackToDefaultEngine", false);
Gelöscht : user_pref("CT2504091.SearchCaption", "Web Search");
Gelöscht : user_pref("CT2504091.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Sep 19 2012 18:15:15 GMT+0200");
Gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2504091.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2504091.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Gelöscht : user_pref("CT2504091.ServiceMapLastCheckTime", "Wed Sep 19 2012 18:15:23 GMT+0200");
Gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Wed Sep 19 2012 18:16:37 GMT+0200");
Gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1347715795");
Gelöscht : user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Tue Dec 20 2011 21:56:27 GMT+0100");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
Gelöscht : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Gelöscht : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2504091.UserID", "UN46660651023580388");
Gelöscht : user_pref("CT2504091.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2504091.alertChannelId", "897164");
Gelöscht : user_pref("CT2504091.approveUntrustedApps", false);
Gelöscht : user_pref("CT2504091.autoDisableScopes", -1);
Gelöscht : user_pref("CT2504091.components.1000034", false);
Gelöscht : user_pref("CT2504091.components.129079840422182852", false);
Gelöscht : user_pref("CT2504091.components.129079840422339107", false);
Gelöscht : user_pref("CT2504091.components.129079840422964131", false);
Gelöscht : user_pref("CT2504091.components.129079849636241789", false);
Gelöscht : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Tue Dec 20 2011 21:56:28 GMT+0100");
Gelöscht : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2504091.initDone", true);
Gelöscht : user_pref("CT2504091.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2504091.isSearchProtectorNotifyChanges", false);
Gelöscht : user_pref("CT2504091.myStuffEnabled", true);
Gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2504091.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2504091.testingCtid", "");
Gelöscht : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Mon Sep 17 2012 22:23:26 GMT+0200");
Gelöscht : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Tue Dec 20 2011 21:56:30 GMT+0100");
Gelöscht : user_pref("CT2504091.undefined", "Tue Dec 20 2011 21:56:29 GMT+0100");
Gelöscht : user_pref("CT2504091.usageEnabled", false);
Gelöscht : user_pref("CT2504091.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/AT", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Christian\\AppData\\Roaming\\Mozill[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "005a38a1-236a-4063-8419-00d5d7a2ad31");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 20 2011 21:56:3[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Dec 20 2011 22:59:23 GMT+010[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 20 2011 21:56:28 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "3bc24607-dde7-4b36-99a2-906dff30bb73");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.at/");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appi[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxps://www.google.at/");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={6448[...]

Profilname : default
Datei : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\hbmif147.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [17105 octets] - [22/09/2012 14:02:09]
AdwCleaner[S1].txt - [17805 octets] - [22/09/2012 14:03:46]

########## EOF - C:\AdwCleaner[S1].txt - [17866 octets] ##########