Trojaner-Board - GVU Trojaner mit Kamera

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - GVU Trojaner mit Kamera (https://www.trojaner-board.de/120085-gvu-trojaner-kamera.html)

GVU Trojaner mit Kamera

Hallo,
hab (hatte?) mir den GVU Trojaner mit Kamera eingefangen.
Habs zuerst erfolglos mit Kaspersky Windowsunlocker versucht. Hat nix gebracht.
Dann aus abgesicherten Modus Sys-Wiederherstellung.

Anschließend dann (in dieser Reihenfolge:)
Ad-Aware - 15 Funde (wo finde ich denn die LOG Datei?)
Antivir - 0 Funde
SpyBot - 0 Funde
Im Moment läuft Malwarebytes.
HiJackThis hab ich auch mal laufen lassen. War lt. Auswertung nichts gefährliches dabei.

Meine Hoffnung ist nun natürlich, das der Lap sauber ist, weil AntiVir und SpyBot ja nichts mehr gefunden haben. Eine komplette Neuinstallation wäre schon sehr anstrengend und ich wüßte auch gar nicht, was ich neben meinen Dokumenten etc. alles sichern sollte (Einstellungen etc.) und wie ich verhinder, nicht ausversehen noch infizierte Dateien mitzusichern?

Für Hilfe und Ratschläge wäre ich sehr dankbar. Hier die Logs von AntiVir und Spybot (von AdAware ginde ich nur nen nutzlosen Kurbericht?!?). Malwarebytes folgt wenn fertig.

Schonmal vielen Dank im Voraus!

AntiVir Log:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 22. Juli 2012 02:52

Es wird nach 3911053 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ACER-NETBOOK

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 27.06.2012 06:22:27
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 06:26:20
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 06:26:20
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 06:26:20
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 06:26:20
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 06:26:20
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 06:26:20
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 06:26:20
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 06:26:20
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 06:26:20
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 06:26:46
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 06:25:44
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 06:36:00
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 06:36:04
VBASE018.VDF : 7.11.35.235 151552 Bytes 12.07.2012 06:44:22
VBASE019.VDF : 7.11.36.45 118784 Bytes 13.07.2012 06:44:22
VBASE020.VDF : 7.11.36.107 123904 Bytes 16.07.2012 06:44:25
VBASE021.VDF : 7.11.36.147 238592 Bytes 17.07.2012 06:44:26
VBASE022.VDF : 7.11.36.209 135168 Bytes 19.07.2012 06:44:30
VBASE023.VDF : 7.11.37.19 116224 Bytes 21.07.2012 10:06:52
VBASE024.VDF : 7.11.37.20 2048 Bytes 21.07.2012 10:06:52
VBASE025.VDF : 7.11.37.21 2048 Bytes 21.07.2012 10:06:53
VBASE026.VDF : 7.11.37.22 2048 Bytes 21.07.2012 10:06:53
VBASE027.VDF : 7.11.37.23 2048 Bytes 21.07.2012 10:06:53
VBASE028.VDF : 7.11.37.24 2048 Bytes 21.07.2012 10:06:53
VBASE029.VDF : 7.11.37.25 2048 Bytes 21.07.2012 10:06:53
VBASE030.VDF : 7.11.37.26 2048 Bytes 21.07.2012 10:06:54
VBASE031.VDF : 7.11.37.28 2048 Bytes 21.07.2012 10:06:54
Engineversion : 8.2.10.118
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 06:36:06
AESCRIPT.DLL : 8.1.4.34 455035 Bytes 21.07.2012 10:06:56
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 27.06.2012 06:22:27
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.3.0.16 807287 Bytes 21.07.2012 10:06:55
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 21.07.2012 10:06:55
AEHEUR.DLL : 8.1.4.76 5063031 Bytes 21.07.2012 10:06:55
AEHELP.DLL : 8.1.23.2 258422 Bytes 29.06.2012 05:56:53
AEGEN.DLL : 8.1.5.34 434548 Bytes 21.07.2012 10:06:54
AEEXP.DLL : 8.1.0.68 86389 Bytes 21.07.2012 10:06:56
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 06:36:06
AECORE.DLL : 8.1.27.2 201078 Bytes 11.07.2012 06:36:05
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Auszulassende Dateien.................: C:\Program Files (x86)\CSJ,

Beginn des Suchlaufs: Sonntag, 22. Juli 2012 02:52

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SpybotSD.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'fwupdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdAware.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'adawarebp.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.EXE' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'MediaServer.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCalendarSync.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'DAVSRV.EXE' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'snuvcdsm.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SBAMSvc.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'msftesql.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdAwareService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\TVersity Codec Pack\uninst.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\gs\gs9.05\uninstgs.exe
[WARNUNG] Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '8613' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Program Files (x86)\CSS3 Menu\icons\aesthetica.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\border-blue.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\brilliance.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\cherry.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\chrome.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\circle-blue.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\color-web.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\coquette.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\coquette2.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\crystal.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\danish.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\glossy.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\mango.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\marmalade.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\mobile.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\round-vista.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\silk1.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\silk2.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\simple.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\sunny.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\tango.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\vista.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Android.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Blocks.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Charge.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Compact Gray.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Core.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Current.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Elegant.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Enterprise.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Fair.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Frame.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Fresh.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Gradient Gray.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Mac.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Mercury.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Modern.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Neon.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Point.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Rise.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Rounded Alpha.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Simple.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Stream.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Toolbars.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\gs\gs9.05\uninstgs.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S5.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S5.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S5.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S5.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\TuneUp Utilities 2012\data\VistaDefault.tbs
[WARNUNG] Der Archivheader ist defekt
C:\Program Files (x86)\TuneUp Utilities 2012\data\VistaDefault.tla
[WARNUNG] Der Archivheader ist defekt
C:\Program Files (x86)\TuneUp Utilities 2012\data\VistaDefault.tls
[WARNUNG] Der Archivheader ist defekt
C:\Program Files (x86)\TVersity Codec Pack\uninst.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdFLVPlayer.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdFLVPlayer1.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdFLVPlayer2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar1.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar3.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar4.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar5.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar6.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar7.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar8.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\WidgiToolbar.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\WidgiToolbar1.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\WidgiToolbar2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\WidgiToolbar3.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\JoeCool\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\JoeCool\Downloads\Steal-crypterREFUDEDBy20messi.rar
[WARNUNG] Das gesamte Archiv ist kennwortgeschützt

Ende des Suchlaufs: Sonntag, 22. Juli 2012 06:36
Benötigte Zeit: 3:43:07 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

35754 Verzeichnisse wurden überprüft
1287755 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1287755 Dateien ohne Befall
9310 Archive wurden durchsucht
260 Warnungen
0 Hinweise
1101948 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

SpyBot Log

--- Search result list ---
Babylon.Toolbar: [SBI $E0B59C7B] Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $295D1CA8] Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

Babylon.Toolbar: [SBI $D1EDD9CA] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Babylon

Widgi.Toolbar: [SBI $65C7C8B1] Shared DLL (-2147483648 Anwendungen) (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

Widgi.Toolbar: [SBI $5AE37010] Shared DLL (-2147483648 Anwendungen) (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-03-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-07-17 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-06-19 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-06-18 Includes\Malware.sbi (*)
2012-07-10 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-07-11 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-06-19 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-07-17 Includes\TrojansC-02.sbi (*)
2012-07-17 Includes\TrojansC-03.sbi (*)
2012-07-17 Includes\TrojansC-04.sbi (*)
2012-07-12 Includes\TrojansC-05.sbi (*)
2012-07-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)

--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Ad-Aware Antivirus
command: "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
file: C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Ad-Aware Browsing Protection
command: "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
file: C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: C98FF6C440E8967251F59C7919B505A1

Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 1F3FF6C062B311FE410EC89F6BFAC213

Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
size: 348624
MD5: 382BBC7FE9D818B94FE5A8BAA7F4577E

Located: HK_LM:Run, CanonSolutionMenuEx
command: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
file: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
size: 1185112
MD5: 3B78ACCCAA5132638E7CF419F4A965C7

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
size: 30040
MD5: 0E34B7BB1FCF22BCC1E394D16F9E992B

Located: HK_LM:Run, IAStorIcon
command: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
file: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
size: 283160
MD5: C0B97E53A0E39A48EEA2DCD500EEA07A

Located: HK_LM:Run, IJNetworkScanUtility
command: C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
file: C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
size: 140640
MD5: C14CF3A71C99E7AD48ECC928886317AC

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 444EB38A256BE60F2013488C49D2AB3F

Located: HK_LM:Run, KiesTrayAgent
command: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
file: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
size: 3521464
MD5: FEE45AD0B1EBF2C2D295B59BA593F6CD

Located: HK_LM:Run, LGODDFU
command: "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
file: C:\Program Files (x86)\lg_fwupdate\lgfw.exe
size: 27760
MD5: 9D56299FA5C9B3D9E67FF3ACB301139F

Located: HK_LM:Run, LManager
command: C:\Program Files (x86)\Launch Manager\LManager.exe
file: C:\Program Files (x86)\Launch Manager\LManager.exe
size: 825864
MD5: 5FB1BFA389CDF13F38607EB1EBAC3753

Located: HK_LM:Run, PLFSetL
command: C:\Windows\PLFSetL.exe
file: C:\Windows\PLFSetL.exe
size: 94208
MD5: 51FDB84B862BE121189F63D03FACA33C

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: AF43C4F7F3C8BC95DAD95024F96CDC4A

Located: HK_LM:Run, RemoteControl8
command: "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
file: C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
size: 91432
MD5: 28FD28A29C637C9AFEFE0A26E27C6DFE

Located: HK_LM:Run, ROC_roc_dec12
command: "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
file: C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, snuvcdsm
command: C:\Windows\snuvcdsm.exe
file: C:\Windows\snuvcdsm.exe
size: 27184
MD5: C56060DFFB2EECEA5CD98B56DE67D0B0

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4

Located: HK_LM:Run, Adobe ARM (DISABLED)
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: C98FF6C440E8967251F59C7919B505A1

Located: HK_LM:Run, EgisTecLiveUpdate (DISABLED)
command: "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
file: C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
size: 199464
MD5: EF533F9D1E4F51C783D4349A7C3F518F

Located: HK_LM:Run, LexwareInfoService (DISABLED)
command: C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
file: C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
size: 339240
MD5: 8FDD61D9F50DB1BE962C20D99F355BCF

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4

Located: HK_CU:RunOnce, adaware
where: .DEFAULT...
command: reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
file: C:\Windows\system32\reg.exe
size: 62464
MD5: D69A9ABBB0D795F21995C2F48C1EB560

Located: HK_CU:RunOnce, adaware_XP
where: .DEFAULT...
command: reg.exe delete "HKCU\Software\adaware" /f
file: C:\Windows\system32\reg.exe
size: 62464
MD5: D69A9ABBB0D795F21995C2F48C1EB560

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, 1&1_1&1 Office-Drive Manager
where: S-1-5-21-3899731673-2456997713-1197237625-1001...
command: "C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" /hide
file: C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE
size: 964688
MD5: EA2BF144B5D5018E92DC287F3BE7D06A

Located: HK_CU:Run, KiesHelper
where: S-1-5-21-3899731673-2456997713-1197237625-1001...
command: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
file: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, KiesPDLR
where: S-1-5-21-3899731673-2456997713-1197237625-1001...
command: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
file: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
size: 21432
MD5: 984F6749E0741C3F22D86C91B46177BE

Located: HK_CU:RunOnce, adaware
where: S-1-5-18...
command: reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
file: C:\Windows\system32\reg.exe
size: 62464
MD5: D69A9ABBB0D795F21995C2F48C1EB560

Located: HK_CU:RunOnce, adaware_XP
where: S-1-5-18...
command: reg.exe delete "HKCU\Software\adaware" /f
file: C:\Windows\system32\reg.exe
size: 62464
MD5: D69A9ABBB0D795F21995C2F48C1EB560

Located: Startup (allgemein), Google Calendar Sync.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
file: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E

--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 26.03.2012 17:39:00
Date (last access): 14.05.2012 18:40:04
Date (last write): 26.03.2012 17:39:00
Filesize: 75200
Attributes: archive
MD5: 885BA7AE8F650E7D7BCB5B966E00DDCE
CRC32: A0D904C3
Version: 9.5.1.283

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} (Canon Easy-WebPrint EX BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Canon Easy-WebPrint EX BHO
CLSID name: Canon Easy-WebPrint EX BHO
Path: C:\Program Files (x86)\Canon\Easy-WebPrint EX\
Long name: ewpexbho.dll
Short name:
Date (created): 14.11.2011 17:42:28
Date (last access): 14.11.2011 17:42:28
Date (last write): 08.11.2010 14:49:26
Filesize: 202144
Attributes: archive
MD5: E2C59B4BC4296C39EE41997482B14241
CRC32: 5EB04FBE
Version: 1.2.0.0

{6c97a91e-4524-4019-86af-2aa2d567bf5c} (Ad-Aware Security Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ad-Aware Security Toolbar
CLSID name: Ad-Aware Security Toolbar
Path: C:\Program Files (x86)\adawaretb\
Long name: adawareDx.dll
Short name: ADAWAR~2.DLL
Date (created): 11.04.2012 22:08:22
Date (last access): 21.07.2012 14:10:58
Date (last write): 11.04.2012 22:08:22
Filesize: 87440
Attributes: archive
MD5: 6B94578EE59FB048F573B9C8C4149FC7
CRC32: 18DD0785
Version: 1.0.0.20

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files (x86)\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GR469A~1.DLL
Date (created): 26.02.2009 19:36:54
Date (last access): 11.12.2011 12:13:50
Date (last write): 26.02.2009 19:36:54
Filesize: 2217832
Attributes: archive
MD5: 30DB64D316F502558DB2380F7343C9FD
CRC32: 152B40A2
Version: 12.0.6500.5000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 325408
Attributes: archive
MD5: 8E6C86726B67D3FAA3144849B9AAC06C
CRC32: B1F4AB5B
Version: 6.0.310.5

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID-Anmelde-Hilfsprogramm)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID-Anmelde-Hilfsprogramm
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 30.03.2009 17:31:54
Date (last access): 25.12.2009 15:09:06
Date (last write): 30.03.2009 17:31:54
Filesize: 403824
Attributes: archive
MD5: 9144D1A2D7AC4CE489C863E11FC5E478
CRC32: 55343708
Version: 6.500.3146.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 42272
Attributes: archive
MD5: A9770771B622A871643EA2A4A3983E95
CRC32: D1C0DA03
Version: 6.0.310.5

{E87806B5-E908-45FD-AF5E-957D83E58E68} (Softonic Helper Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Softonic Helper Object
CLSID name: Softonic Helper Object
Path: C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\
Long name: Softonic.dll
Short name:
Date (created): 15.03.2012 15:57:20
Date (last access): 19.05.2012 11:50:42
Date (last write): 15.03.2012 15:57:20
Filesize: 242384
Attributes: archive
MD5: 99E5B8DBF98FE9FDBB95EA2B8B43A305
CRC32: 5930E520
Version: 1.5.21.0

--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\Windows\Downloaded Program Files\QTPlugin.inf
Codebase: hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 24.10.2011 16:30:12
Date (last access): 26.02.2012 13:00:56
Date (last write): 24.10.2011 16:30:12
Filesize: 796520
Attributes: archive
MD5: CF31570FD81E28CC2D7CD11D6CE9F863
CRC32: A6507249
Version: 7.7.1.0

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\swdir.inf
Codebase: hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWow64\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 12.01.2010 08:40:40
Date (last access): 07.03.2010 15:17:42
Date (last write): 12.01.2010 08:40:40
Filesize: 213272
Attributes: archive
MD5: 95244A5ECEFFF530AE1DF421018C6EF9
CRC32: E54EB77A
Version: 11.5.6.606

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5

--- Process list ---
PID: 0 ( 0) [System]
PID: 2784 (2408) C:\Windows\PLFSetI.exe
size: 200704
MD5: 0D3DFFA8BA3E63592FC2C652CF3B0E9C
PID: 2892 (2408) C:\Windows\snuvcdsm.exe
size: 27184
MD5: C56060DFFB2EECEA5CD98B56DE67D0B0
PID: 3012 (2408) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
size: 21432
MD5: 984F6749E0741C3F22D86C91B46177BE
PID: 3020 (2408) C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE
size: 964688
MD5: EA2BF144B5D5018E92DC287F3BE7D06A
PID: 3032 (2408) C:\Program Files (x86)\Skype\Phone\Skype.exe
size: 17417392
MD5: 62C847F150929CD0A7167CB7DC6E85C5
PID: 2132 (2408) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
PID: 2688 (3044) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
size: 91432
MD5: 28FD28A29C637C9AFEFE0A26E27C6DFE
PID: 2276 (3044) C:\Program Files (x86)\Launch Manager\LManager.EXE
size: 825864
MD5: 5FB1BFA389CDF13F38607EB1EBAC3753
PID: 4060 (3044) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
size: 283160
MD5: C0B97E53A0E39A48EEA2DCD500EEA07A
PID: 4260 (3044) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
size: 140640
MD5: C14CF3A71C99E7AD48ECC928886317AC
PID: 672 (3044) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 444EB38A256BE60F2013488C49D2AB3F
PID: 5156 (3044) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
size: 3521464
MD5: FEE45AD0B1EBF2C2D295B59BA593F6CD
PID: 5196 (3044) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
PID: 5208 (3044) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
size: 348624
MD5: 382BBC7FE9D818B94FE5A8BAA7F4577E
PID: 5216 (3044) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA
PID: 6000 (1480) C:\PROGRA~2\AD-AWA~1\AdAware.exe
size: 18832264
MD5: 5E57EAB47E565BF754BCF99A410C3354
PID: 1756 (2364) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
size: 871536
MD5: 8667D9B4FFA3ABD1EC3D61004667E1DA
PID: 5928 (5196) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
size: 508136
MD5: 7C5A4D3222DEA5570C8F08EC7FC74199
PID: 6408 (2408) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 7040 (2408) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
size: 12997488
MD5: 0E5398084278E4CD84DDB0A2B646548D
PID: 3344 (2408) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 913888
MD5: D3C0837346C49095B8AF9EF54AD7E90A
PID: 4 ( 0) System
PID: 336 ( 4) smss.exe
PID: 484 ( 476) csrss.exe
PID: 536 ( 476) wininit.exe
size: 96256
PID: 556 ( 528) csrss.exe
PID: 600 ( 536) services.exe
PID: 624 ( 536) lsass.exe
PID: 632 ( 536) lsm.exe
PID: 684 ( 528) winlogon.exe
PID: 772 ( 600) svchost.exe
size: 20992
PID: 904 ( 600) svchost.exe
size: 20992
PID: 1012 ( 600) svchost.exe
size: 20992
PID: 380 ( 600) svchost.exe
size: 20992
PID: 488 ( 600) svchost.exe
size: 20992
PID: 1056 ( 600) svchost.exe
size: 20992
PID: 1180 ( 600) svchost.exe
size: 20992
PID: 1268 ( 380) wlanext.exe
size: 77312
PID: 1276 ( 484) conhost.exe
PID: 1348 ( 600) spoolsv.exe
PID: 1384 ( 600) sched.exe
PID: 1408 ( 600) svchost.exe
size: 20992
PID: 1480 ( 600) AdAwareService.exe
PID: 1516 ( 600) BTHSAmpPalService.exe
PID: 1540 ( 600) avguard.exe
PID: 1580 ( 600) AppleMobileDeviceService.exe
PID: 1640 ( 600) mDNSResponder.exe
PID: 1672 ( 600) BTHSSecurityMgr.exe
PID: 1700 ( 600) dgdersvc.exe
size: 95568
PID: 1780 ( 600) ePowerSvc.exe
PID: 1812 ( 600) EvtEng.exe
PID: 1836 ( 600) svchost.exe
size: 20992
PID: 1976 ( 600) C:\Windows\System32\taskhost.exe
PID: 1044 ( 600) GregHSRW.exe
PID: 1440 ( 600) ijplmsvc.exe
PID: 1636 ( 600) msftesql.exe
PID: 1888 ( 600) sqlservr.exe
PID: 2164 ( 600) svchost.exe
size: 20992
PID: 2212 ( 600) svchost.exe
size: 20992
PID: 2240 ( 600) RegSrvc.exe
PID: 2300 ( 600) RS_Service.exe
PID: 2340 ( 600) SBAMSvc.exe
PID: 2396 ( 380) C:\Windows\System32\dwm.exe
PID: 2408 (2384) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 2532 ( 600) sqlbrowser.exe
PID: 2556 ( 600) sqlwriter.exe
PID: 2760 (2408) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
size: 320000
MD5: 2C2C3D428E6581CF56A80416AA327425
PID: 2768 (2408) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
size: 823840
MD5: E64270B5DB7218E60AD62ED0C52E3A09
PID: 2776 (2408) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1808168
MD5: FD217F6DDBB90D84A46B36E17E99CA0C
PID: 2792 (2408) C:\Windows\System32\igfxtray.exe
PID: 2800 (2408) C:\Windows\System32\hkcmd.exe
PID: 2828 (2408) C:\Windows\System32\igfxpers.exe
PID: 2880 ( 772) C:\Windows\System32\igfxsrvc.exe
PID: 2920 (2408) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
size: 11780712
MD5: 77A441250C9C66B889828132855ACD54
PID: 3480 ( 600) svchost.exe
size: 20992
PID: 3732 ( 600) TuneUpUtilitiesService64.exe
PID: 3872 ( 600) MediaServer.exe
PID: 3996 ( 600) UpdaterService.exe
PID: 464 ( 600) SDWinSec.exe
PID: 4240 (3732) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
size: 1340736
MD5: 0F71CB03736B5FEC70B1E0888367A30B
PID: 4252 ( 772) unsecapp.exe
PID: 4480 ( 772) WmiPrvSE.exe
PID: 4644 (1540) avshadow.exe
PID: 4652 ( 484) conhost.exe
PID: 4784 ( 772) C:\Windows\System32\igfxext.exe
PID: 4912 ( 600) SearchIndexer.exe
size: 427520
PID: 4936 ( 772) C:\Windows\System32\wbem\unsecapp.exe
PID: 5056 (1780) ePowerEvent.exe
PID: 3748 ( 600) svchost.exe
size: 20992
PID: 2152 (2776) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 120616
MD5: C6BE59AE498497F78EC46DADB5335766
PID: 4884 ( 600) wmpnetwk.exe
PID: 5832 ( 600) svchost.exe
size: 20992
PID: 6112 ( 600) iPodService.exe
PID: 5260 ( 600) svchost.exe
size: 20992
PID: 4084 ( 600) IAStorDataMgrSvc.exe
PID: 5460 ( 488) C:\Windows\System32\wuauclt.exe
PID: 6036 (3192) C:\Windows\SysWOW64\WerFault.exe
size: 360448
MD5: 5FEAB868CAEDBBD1B7A145CA8261E4AA
PID: 2224 ( 600) taskhost.exe

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 22.07.2012 09:01:40

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
hxxp://go.microsoft.com/fwlink/?LinkId=54896

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD-Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 1: MSAFD-Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 2: MSAFD-Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 3: MSAFD-Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 4: MSAFD-Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 5: MSAFD-Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 6: RSVP-TCPv6-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP-TCP-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP-UDPv6-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP-UDP-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Namespace Provider 0: NLA (Network Location Awareness, NLAv1)-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-Mail-Namenshimanbieter
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP-Wolken-Namespaceanbieter
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP-Namen-Namespaceanbieter
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace

Namespace Provider 5: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 6: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 7: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 8: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 9: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

Hallo und Danke für die schnelle Meldung.

OTL hab ich schon durch - Wie kann ich das hier Posten? Datei ist als Anhang zu groß.

Malwarebytes läuft noch.

Inzwischen hat Antivir folgende Funde gemeldet:
RKIT/AGENT.DEPG.1
TR/SPY.BANKER.GEN

Hab auf Details geklickt, aber da kommt nix. Also auf Löschen, kam dann etwa 10x und dann war ruhe. Jetzt ist AntiVir deaktiviert wegen den Suchlauf von Malwarebytes.

Kopiere die OTL Logs mal mit copy & paste rein. Ich hab extra 60 Tage eingestellt, weil ich anfang Juni viel gedowloaded hatte. Vlt. hab ic mir da was eingefangen...OTL Logfile:

Code:

OTL logfile created on: 22.07.2012 10:09:23 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\JoeCool\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,93 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 29,49% Memory free

3,87 Gb Paging File | 1,60 Gb Available in Paging File | 41,29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220,79 Gb Total Space | 148,73 Gb Free Space | 67,36% Space Free | Partition Type: NTFS

 

Computer Name: ACER-NETBOOK | User Name: JoeCool | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\JoeCool\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)

PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)

PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)

PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

PRC - C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG)

PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()

PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Windows\snuvcdsm.exe ()

PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Windows\PLFSetI.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\JoeCool\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()

MOD - C:\Users\JoeCool\AppData\Roaming\13001.026\components\AcroFF026.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3989b4ca6cf904061992daec9e7d5644\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\42221dddc2b53dc24f14e9c285d1de8f\PresentationFramework.Aero.ni.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()

MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()

MOD - C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\snuvcdsm.exe ()

MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()

MOD - C:\Windows\PLFSetI.exe ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)

SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)

SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()

SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)

SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)

SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)

DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)

DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (ui11drdr) -- C:\Windows\SysNative\drivers\ui11drdr.SYS (1&1 Internet AG)

DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)

DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)

DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)

DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)

DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)

DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.web.de/

IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{074E482C-DD2C-42B8-96A8-F67ECCE9D474}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=9a65cef7000000000000001e64348cf3

IE - HKCU\..\SearchScopes\{45F03664-29FC-4820-A20A-8DE6B05D7FB2}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on

IE - HKCU\..\SearchScopes\{6299DCEA-64DA-464A-9A47-0BE3CAEED0DB}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE357DE357

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{86B187AB-D745-4E00-A33A-93D6330BCFB8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={42903223-B249-4FA0-AF3F-5D1BAAACD349}&mid=36b9e18315d147d183b1d16fd89b6449-75968e8b8846c8686ff11da71a6687c5bf2fec85&lang=de&ds=tt014&pr=sa&d=2011-12-11 09:34:09&v=8.0.0.34&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\googlebar@google.com: C:\Users\JoeCool\AppData\Roaming\Google_Toolbar\Google_Toolbar\1.0.0.0 [2012.06.12 14:47:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\JoeCool\AppData\Roaming\13001.026 [2012.07.17 18:00:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011.04.22 07:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Extensions

[2012.07.21 14:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions

[2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions

[2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

[2012.05.11 07:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.07.19 11:45:01 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES (X86)\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}

[2012.06.20 20:59:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.11.11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

[2012.02.18 08:35:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.24 02:31:45 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012.03.23 21:00:41 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.02.18 08:35:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.18 08:35:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.18 08:35:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.18 08:35:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.18 08:35:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: hxxp://www.google.com

CHR - Extension: No name found = C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0\

 

O1 HOSTS File: ([2012.03.04 12:49:00 | 000,441,475 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 127.0.0.1        www.123fporn.info

O1 - Hosts: 15172 more lines...

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe ()

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()

O4 - HKCU..\Run: [1&1_1&1 Office-Drive Manager] C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG)

O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 7

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108859

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found

O9:64bit: - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe ()

O9:64bit: - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209CAB17-3433-4606-BBA1-C77E5434E188}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF772E7-62EB-4A1D-9BD0-AE5DDB4DECB3}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\haufereader - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\haufereader - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\Shell - "" = AutoRun

O33 - MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\Shell\AutoRun\command - "" = D:\USBAutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 60 Days ==========

 

[2012.07.22 09:39:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe

[2012.07.21 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adaware

[2012.07.21 14:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2012.07.21 14:13:38 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys

[2012.07.21 14:13:37 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

[2012.07.21 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012.07.21 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adawarebp

[2012.07.21 14:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012.07.21 14:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb

[2012.07.21 14:09:55 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus

[2012.07.19 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Desktop\MariCon

[2012.07.17 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.026

[2012.07.17 12:52:27 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Skype

[2012.07.17 12:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.07.17 12:51:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012.07.17 12:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.07.17 12:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012.07.14 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.025

[2012.07.13 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.024

[2012.07.12 20:42:42 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.023

[2012.07.12 14:40:32 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\UAs

[2012.07.12 14:04:59 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.022

[2012.07.12 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\xmldm

[2012.07.12 14:04:30 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\kock

[2012.07.06 12:55:11 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog

[2012.06.27 08:27:05 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Avira

[2012.06.27 08:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.06.27 08:21:27 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2012.06.27 08:21:27 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2012.06.27 08:21:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.06.26 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Temp

[2012.06.26 12:02:02 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys

[2012.06.26 12:02:02 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys

[2012.06.26 12:02:01 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys

[2012.06.26 12:02:01 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys

[2012.06.26 12:02:01 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys

[2012.06.26 11:33:00 | 000,000,000 | ---D | C] -- C:\2c9c9d0d276235ed2517d9b428

[2012.06.25 13:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi-Businessplaner

[2012.06.25 13:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMWi-Businessplaner

[2012.06.21 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\Macromedia

[2012.06.19 12:22:28 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012.06.19 12:22:28 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012.06.19 12:22:28 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012.06.19 12:22:18 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012.06.19 12:22:18 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012.06.19 12:22:18 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012.06.19 12:21:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012.06.19 12:21:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012.06.12 16:35:21 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\MSWINSCK.OCX

[2012.06.12 16:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Accessories

[2012.06.12 16:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cannonnt

[2012.06.12 16:07:33 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\c.dll

[2012.06.12 16:06:55 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieobject.dll

[2012.06.12 16:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebDevl

[2012.06.12 16:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Accessories

[2012.06.12 11:18:33 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Google_Toolbar

[2012.06.12 11:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gmail Hacker Pro

[2012.06.12 11:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HackerPro

[2012.06.12 11:18:23 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Hacker Pro

[2012.06.12 07:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecurityXploded

[2012.06.11 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\CyberLink

[2012.06.11 07:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer

[2012.06.10 12:30:58 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Serif

[2012.06.10 12:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2012.06.10 12:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications

[2012.06.10 12:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serif

[2012.06.10 12:18:10 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\.dia

[2012.06.10 11:29:04 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\.gimp-2.8

[2012.06.09 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\SmartTools_Publishing,_Th

[2012.06.09 10:48:06 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\Add-in Express

[2012.06.09 10:48:02 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools

[2012.06.09 10:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartTools

[2012.06.09 10:44:05 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\SmartTools

[2012.06.09 10:41:37 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Hulubulu

[2012.06.09 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Renamer

[2012.06.09 10:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2012.06.08 09:12:26 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\My PowerPoints

[2012.06.07 07:27:49 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\MISC

[2012.06.05 16:46:04 | 000,000,000 | R--D | C] -- C:\Users\JoeCool\Documents\Scanned Documents

[2012.06.05 16:46:04 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\Fax

[2012.06.05 12:53:13 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\1&1

[2012.06.05 12:53:00 | 000,199,752 | ---- | C] (1&1 Internet AG) -- C:\Windows\SysNative\drivers\ui11drdr.SYS

[2012.06.05 12:53:00 | 000,011,776 | ---- | C] (1&1 Internet AG) -- C:\Windows\SysNative\ui11dnp.dll

[2012.06.05 12:53:00 | 000,008,192 | ---- | C] (1&1 Internet AG) -- C:\Windows\SysWow64\ui11dnp.dll

[2012.06.05 12:52:59 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\1&1

[2012.06.05 12:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1

[2012.06.05 12:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1

[2012.06.05 12:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1

[2012.06.02 10:51:38 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\kompozer.net

[2012.06.02 10:51:38 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\kompozer.net

[2012.06.02 10:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KompoZer_BETA

[2012.06.02 10:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KompoZer_BETA

[2012.05.31 14:56:55 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\XMLmind

[2012.05.31 14:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XML Editor

[2012.05.31 14:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XML_Editor

[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\JoeCool\AppData\Roaming\*.tmp files -> C:\Users\JoeCool\AppData\Roaming\*.tmp -> ]

 
 ========== Files - Modified Within 60 Days ==========

 

[2012.07.22 10:05:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.07.22 09:39:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe

[2012.07.22 09:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.07.21 18:05:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.07.21 14:27:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.21 14:27:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.21 14:26:24 | 001,864,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.21 14:26:24 | 000,797,262 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.21 14:26:24 | 000,735,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.21 14:26:24 | 000,185,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.21 14:26:24 | 000,148,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.21 14:21:36 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini

[2012.07.21 14:21:26 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012.07.21 14:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.21 14:19:06 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.21 12:03:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2012.07.21 12:03:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2012.07.21 11:53:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad

[2012.07.19 16:10:34 | 002,686,168 | ---- | M] () -- C:\Users\JoeCool\Desktop\Whisky.gif

[2012.07.17 18:12:51 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.17 18:10:48 | 000,000,051 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res

[2012.07.17 17:49:55 | 000,171,712 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\AcroIEHelpe170.dll

[2012.07.17 17:49:55 | 000,006,400 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\BAcroIEHelpe170.dll

[2012.07.17 16:52:52 | 001,269,795 | ---- | M] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf

[2012.07.17 12:51:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.07.14 16:09:00 | 000,000,011 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat

[2012.07.13 23:00:55 | 000,007,030 | ---- | M] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg

[2012.07.12 09:20:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.07.12 09:20:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.07.08 20:39:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad

[2012.07.05 23:03:34 | 000,028,648 | ---- | M] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg

[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.27 08:21:39 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.06.26 11:49:41 | 001,842,876 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.06.25 13:07:29 | 000,001,356 | ---- | M] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk

[2012.06.12 18:08:25 | 000,000,860 | ---- | M] () -- C:\Windows\SysWow64\runrefog.lnk

[2012.06.12 17:16:53 | 000,000,046 | ---- | M] () -- C:\Windows\winclfile.dll

[2012.06.12 17:15:59 | 000,000,026 | ---- | M] () -- C:\Windows\refsdm.dll

[2012.06.12 17:12:01 | 000,000,790 | ---- | M] () -- C:\Windows\slog.dll

[2012.06.12 16:10:25 | 000,000,001 | ---- | M] () -- C:\Windows\dwatson.dll

[2012.06.12 16:06:56 | 000,000,006 | ---- | M] () -- C:\Windows\ntcore.dll

[2012.06.12 16:06:55 | 000,000,019 | ---- | M] () -- C:\Windows\NTVDLL.dll

[2012.06.12 15:48:41 | 000,000,782 | ---- | M] () -- C:\Windows\wininit.ini

[2012.06.12 14:37:21 | 000,000,955 | ---- | M] () -- C:\Users\JoeCool\Desktop\Ardamax Keylogger 3.8.5.lnk

[2012.06.12 11:18:24 | 000,001,027 | ---- | M] () -- C:\Users\JoeCool\Desktop\Gmail Hacker Pro.lnk

[2012.06.12 08:15:05 | 000,000,853 | ---- | M] () -- C:\user.js

[2012.06.12 07:58:33 | 000,001,107 | ---- | M] () -- C:\Users\JoeCool\Desktop\SXPasswordSuite.lnk

[2012.06.11 12:20:00 | 000,076,328 | ---- | M] () -- C:\Users\JoeCool\Desktop\Germany - Lloyd's Crystal.pdf

[2012.06.11 07:43:59 | 000,001,047 | ---- | M] () -- C:\Users\JoeCool\Desktop\Advanced Renamer.lnk

[2012.06.11 06:31:32 | 000,443,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.06.10 12:29:52 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\Serif PagePlus Starter Edition.lnk

[2012.06.10 12:17:44 | 000,007,469 | ---- | M] () -- C:\Users\JoeCool\AppData\Local\recently-used.xbel

[2012.06.07 13:46:19 | 000,001,335 | ---- | M] () -- C:\Users\JoeCool\Desktop\STRIKE_CLUB.lnk

[2012.06.07 07:43:06 | 000,002,091 | ---- | M] () -- C:\Users\JoeCool\Desktop\julitecCRM.lnk

[2012.06.07 07:42:25 | 000,001,887 | ---- | M] () -- C:\Users\JoeCool\Desktop\ELOoffice.lnk

[2012.06.07 07:36:18 | 000,001,030 | ---- | M] () -- C:\Users\JoeCool\Desktop\Bewerbungen.lnk

[2012.06.07 07:33:31 | 000,004,979 | ---- | M] () -- C:\Users\JoeCool\Desktop\filezilla.exe.lnk

[2012.06.07 07:33:10 | 000,000,992 | ---- | M] () -- C:\Users\JoeCool\Desktop\MARICON.lnk

[2012.06.06 16:18:21 | 000,006,144 | ---- | M] () -- C:\Users\JoeCool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.06.06 13:53:31 | 000,000,277 | ---- | M] () -- C:\Windows\ODBC.INI

[2012.06.06 07:09:32 | 000,000,039 | ---- | M] () -- C:\Windows\combit.ini

[2012.06.05 12:52:59 | 000,001,413 | ---- | M] () -- C:\Users\Public\Desktop\Office-Driver.lnk

[2012.06.04 08:59:19 | 000,011,530 | ---- | M] () -- C:\Users\JoeCool\Documents\DOT.sla

[2012.06.04 08:53:25 | 000,011,530 | ---- | M] () -- C:\Users\JoeCool\Documents\DOT.sla.autosave

[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012.06.02 10:45:28 | 000,001,650 | ---- | M] () -- C:\Windows\mozver.dat

[2012.05.29 09:38:50 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\JoeCool\AppData\Roaming\*.tmp files -> C:\Users\JoeCool\AppData\Roaming\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.07.21 14:13:58 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012.07.20 17:43:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad

[2012.07.19 16:10:33 | 002,686,168 | ---- | C] () -- C:\Users\JoeCool\Desktop\Whisky.gif

[2012.07.17 18:12:51 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.17 17:49:55 | 000,171,712 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\AcroIEHelpe170.dll

[2012.07.17 17:49:55 | 000,006,400 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\BAcroIEHelpe170.dll

[2012.07.17 16:52:00 | 001,269,795 | ---- | C] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf

[2012.07.17 12:51:54 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.07.14 16:09:00 | 000,000,011 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat

[2012.07.13 23:00:51 | 000,007,030 | ---- | C] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg

[2012.07.12 14:04:50 | 000,000,051 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res

[2012.07.08 20:19:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad

[2012.07.05 23:03:25 | 000,028,648 | ---- | C] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg

[2012.06.27 08:21:39 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.06.25 13:07:29 | 000,001,356 | ---- | C] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk

[2012.06.12 18:08:25 | 000,000,860 | ---- | C] () -- C:\Windows\SysWow64\runrefog.lnk

[2012.06.12 16:33:15 | 000,000,026 | ---- | C] () -- C:\Windows\refsdm.dll

[2012.06.12 16:29:06 | 000,000,790 | ---- | C] () -- C:\Windows\slog.dll

[2012.06.12 16:10:25 | 000,000,046 | ---- | C] () -- C:\Windows\winclfile.dll

[2012.06.12 16:10:25 | 000,000,001 | ---- | C] () -- C:\Windows\dwatson.dll

[2012.06.12 16:06:56 | 000,000,006 | ---- | C] () -- C:\Windows\ntcore.dll

[2012.06.12 16:06:55 | 000,000,019 | ---- | C] () -- C:\Windows\NTVDLL.dll

[2012.06.12 14:37:21 | 000,000,955 | ---- | C] () -- C:\Users\JoeCool\Desktop\Ardamax Keylogger 3.8.5.lnk

[2012.06.12 11:18:24 | 000,001,027 | ---- | C] () -- C:\Users\JoeCool\Desktop\Gmail Hacker Pro.lnk

[2012.06.12 07:58:33 | 000,001,107 | ---- | C] () -- C:\Users\JoeCool\Desktop\SXPasswordSuite.lnk

[2012.06.11 12:20:00 | 000,076,328 | ---- | C] () -- C:\Users\JoeCool\Desktop\Germany - Lloyd's Crystal.pdf

[2012.06.11 07:43:59 | 000,001,047 | ---- | C] () -- C:\Users\JoeCool\Desktop\Advanced Renamer.lnk

[2012.06.10 12:29:52 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\Serif PagePlus Starter Edition.lnk

[2012.06.10 12:29:51 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus Starter Edition.lnk

[2012.06.10 12:17:44 | 000,007,469 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\recently-used.xbel

[2012.06.07 13:46:19 | 000,001,335 | ---- | C] () -- C:\Users\JoeCool\Desktop\STRIKE_CLUB.lnk

[2012.06.07 07:43:06 | 000,002,091 | ---- | C] () -- C:\Users\JoeCool\Desktop\julitecCRM.lnk

[2012.06.07 07:42:25 | 000,001,887 | ---- | C] () -- C:\Users\JoeCool\Desktop\ELOoffice.lnk

[2012.06.07 07:36:18 | 000,001,030 | ---- | C] () -- C:\Users\JoeCool\Desktop\Bewerbungen.lnk

[2012.06.07 07:33:31 | 000,004,979 | ---- | C] () -- C:\Users\JoeCool\Desktop\filezilla.exe.lnk

[2012.06.07 07:33:10 | 000,000,992 | ---- | C] () -- C:\Users\JoeCool\Desktop\MARICON.lnk

[2012.06.05 12:52:59 | 000,001,413 | ---- | C] () -- C:\Users\Public\Desktop\Office-Driver.lnk

[2012.06.04 08:53:25 | 000,011,530 | ---- | C] () -- C:\Users\JoeCool\Documents\DOT.sla.autosave

[2012.06.04 07:32:08 | 000,011,530 | ---- | C] () -- C:\Users\JoeCool\Documents\DOT.sla

[2012.06.02 10:45:11 | 000,001,650 | ---- | C] () -- C:\Windows\mozver.dat

[2012.05.28 10:40:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll

[2012.05.12 11:11:41 | 000,038,425 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft Excel 97-2003.ADR

[2012.04.28 10:54:37 | 000,000,039 | ---- | C] () -- C:\Windows\combit.ini

[2012.04.24 14:01:04 | 000,000,277 | ---- | C] () -- C:\Windows\ODBC.INI

[2012.04.24 13:49:28 | 000,350,208 | ---- | C] () -- C:\Windows\SysWow64\EloOpenOffice.dll

[2012.04.24 13:49:28 | 000,163,160 | ---- | C] () -- C:\Windows\SysWow64\ELOComRes.dll

[2012.04.24 13:49:22 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\fteh006n.dll

[2012.04.24 13:45:17 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI

[2012.03.04 12:10:42 | 000,000,782 | ---- | C] () -- C:\Windows\wininit.ini

[2012.01.25 14:49:20 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI

[2012.01.25 14:27:17 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.07.19 10:16:33 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll

[2011.07.19 10:16:33 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe

[2011.07.19 10:16:33 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

[2011.05.20 08:59:18 | 000,038,441 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Kommagetrennte Werte (Windows).ADR

[2011.05.17 12:28:58 | 000,245,354 | ---- | C] () -- C:\Windows\hpoins19.dat

[2011.05.17 12:28:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2011.05.04 11:04:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2011.05.04 11:04:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2011.04.22 07:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011.04.15 12:34:30 | 000,007,598 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\Resmon.ResmonCfg

[2011.04.07 17:19:01 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini

[2010.12.16 22:29:02 | 000,000,316 | ---- | C] () -- C:\Windows\Jelly.ini

[2010.11.07 11:54:25 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2009.12.25 13:30:39 | 000,006,144 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
 

< End of report >

--- --- ---

----OTL Logfile:

Code:

OTL Extras logfile created on: 22.07.2012 10:09:23 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\JoeCool\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,93 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 29,49% Memory free

3,87 Gb Paging File | 1,60 Gb Available in Paging File | 41,29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220,79 Gb Total Space | 148,73 Gb Free Space | 67,36% Space Free | Partition Type: NTFS

 

Computer Name: ACER-NETBOOK | User Name: JoeCool | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Program Files (x86)\combit\cRM\Tools\editor\Scite.exe %1

jsefile [edit] -- C:\Program Files (x86)\combit\cRM\\Tools\editor\Scite.exe %1

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [edit] -- C:\Program Files (x86)\combit\cRM\\Tools\editor\Scite.exe %1

vbsfile [edit] -- C:\Program Files (x86)\combit\cRM\Tools\editor\Scite.exe %1

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Program Files (x86)\combit\cRM\Tools\editor\Scite.exe %1

jsefile [edit] -- C:\Program Files (x86)\combit\cRM\\Tools\editor\Scite.exe %1

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [edit] -- C:\Program Files (x86)\combit\cRM\\Tools\editor\Scite.exe %1

vbsfile [edit] -- C:\Program Files (x86)\combit\cRM\Tools\editor\Scite.exe %1

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{019951C3-1C99-40DE-A186-4E559D1CEE96}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{02E421BD-37A2-40BD-A94E-A1274D477968}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{076A816D-2581-4CE7-8EF6-E0D9BC5FF978}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{251FBBB8-11D6-48CA-9781-32A4B70498C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{26A20839-DC1D-4ED6-A244-C1F40B34A429}" = rport=445 | protocol=6 | dir=out | app=system | 

"{29CBF912-AB23-4F05-AFEE-EFB405EB1C30}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{2AA753BE-B2D2-478F-AA81-6999969158BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{350F8951-8CF4-4C99-84D7-666C9FE7775C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{3A0A9E0F-78AC-43AE-88E5-B40A61A769AF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{44363E6E-9E0D-4BA5-8D6F-D6D22F040AD1}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{4A2FFA07-4982-4AAE-A485-123A73C1688C}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{575C6EC3-4CBF-4A22-A603-5E9D88DC68F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{61661006-663B-4646-AB6C-2BB519BD7C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{6193AB39-796B-4C54-A0BA-BC5BDEC6C0CD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{6A0EB992-4AF1-4E09-9CB3-94C4E764AAEE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{72125DC3-06F4-43C4-90FC-77B4C3FD424C}" = lport=138 | protocol=17 | dir=in | app=system | 

"{7AA62526-8230-4616-8732-896C6F076A25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7C8EFEE3-4EDB-4ED9-9903-515379382263}" = rport=137 | protocol=17 | dir=out | app=system | 

"{7D36344F-E5ED-4DFE-8BA0-03291D1FB230}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{81B05B84-A3CF-4B52-B563-1697064976FA}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{8331B423-5EEC-4404-A560-559E69AFB284}" = lport=139 | protocol=6 | dir=in | app=system | 

"{92621AC1-E7BA-4836-BF16-7107876953D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{96DC1309-6D17-45D9-8E44-F52D0CD6434C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{9D1A1B6E-D587-4E58-8945-BE95EA99BC94}" = lport=137 | protocol=17 | dir=in | app=system | 

"{AD3E67A3-7C42-4F0C-836D-E91AB15DA9DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{AEFF8A2F-BDE2-40EB-960A-28053878AC27}" = rport=138 | protocol=17 | dir=out | app=system | 

"{B858A87E-662D-423D-BFB1-2291CCA49DDE}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{C6D9EB52-1995-4FED-85C8-A53903DB6B96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CB193A92-D3DD-4B31-A9AA-4EAE1DCCD0B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D6CFDF84-48E2-451F-B6A4-0A00896CBED5}" = rport=139 | protocol=6 | dir=out | app=system | 

"{DE4E99C2-7B02-4367-A762-A4622CCA781E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E4BAE3C2-F217-4A5A-92E2-3B5447EB23C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E91C8DFF-D87E-4A4D-BBC0-83AD8F8BB5BF}" = lport=445 | protocol=6 | dir=in | app=system | 

"{EEE82DC8-D717-4892-B063-2A27D9D27FEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C28DE-4E84-4464-B73A-C4A833AF59AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 

"{01A310EE-6993-4B32-91AF-C3524A98DE25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 

"{035C9307-2680-47C5-8287-DA18248C2185}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 

"{05B3D514-5D58-417D-AA58-A9E08EF020CC}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 

"{0A4732AB-3FD7-4B43-94FC-5DCF0669B990}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 

"{0BFC2AF2-0E16-400D-80FF-763DE3D7ECB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 

"{0ED77FEF-6611-49CD-AD93-68034B5A659E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 

"{11927016-17A6-40B1-8FDC-6C410E0D2A83}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 

"{131D4EFC-2901-4E7C-B7F7-A85A26358879}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{17EAF686-B5BC-4EFF-B0DA-272D5CBFFBC7}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 

"{1A408AC7-D2BB-48F1-A29B-1F345EA7087D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 

"{1D98C195-8B0B-4E30-AAF1-6A2A5A24B529}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{26763DC9-4FF4-4D15-9B0B-246F7AF0D526}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{267A1C27-9CCD-479B-9B26-295BEB50F63A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 

"{2DA7C2A5-6DC4-488C-9C19-C1CABD149A7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2E7791BB-7C2F-4A0C-8272-F8DE6FAAAFB2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 

"{2F5556C2-B3E6-48EE-A3C9-DE4D6636DB41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 

"{2FB830A0-B618-4000-906F-C4766B2F2AE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 

"{364CD55A-3AD2-465C-A4D8-B2B50F27F57A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{3D146DA2-6AFE-4282-BA3F-853A73B0674C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{3EEA3DC5-D3D6-423F-A7E6-0E5C70481D5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 

"{3FDB48DF-895F-4E7D-BF03-B8AFDB3F8737}" = protocol=6 | dir=out | app=system | 

"{4130F6CB-5F98-405D-9369-D8DE983DBEC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{4599EADA-4427-48CA-854E-BF099494AD10}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{4BD9D63B-8549-45F3-820C-8A35644617C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4C7BEED6-0944-4BC0-9DD0-1F0E9F8A5AC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{4C9CDE30-8AD9-45AE-BEE9-3C04F5768010}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 

"{4FA2EAB6-575E-4AD0-AE4D-3CE482681B74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{4FF4E3A8-B7AA-46D3-BCF0-798674C1F35D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{575A4804-9069-4FE7-9E6A-6DE5B4F9E9B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{5C8B2F5A-3393-4690-A4E0-A9094BF9C6F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 

"{5CC4FE2F-D506-4A20-9EC7-93EA66CBC0CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{62A835AB-E066-47B5-A079-2BD662C52C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 

"{682A5125-3680-4A1F-A1D9-738024E03E18}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{6C24E2BF-8679-4ACF-9DC4-2DFC6892BA9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 

"{6E470209-D99F-4934-9E43-97E72D5D35F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{6FCC02AE-8373-4FB4-A919-706D97FC5BEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{72C0BB05-4485-46C3-889A-0F5B1F928F5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7ADC6447-0877-433F-9924-C80B35EC57D0}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 

"{841A03F1-B2EE-4946-97F4-CB7C61BCCBBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 

"{85A11F5F-65E7-4E30-90E2-9C3CD460BC70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 

"{861040D1-973C-48ED-AB14-2DE90EE1F9C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 

"{87D959A7-48D7-4097-859C-1241EC9C8E68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{8A71ED90-FBB3-4AE2-897F-EE78BD09B97E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{97124854-8DAC-4585-BEB9-4CCC550E2E4E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 

"{98C7A3E5-8A85-473A-AE21-B05CEFC84475}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{99B0FA31-8A7A-43F5-8740-CCFDCC659653}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{9F2765F8-B79F-4A6F-AC77-550A523B77D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{A201CB10-9DD7-4028-ABF7-879C84916AD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{ABC5063F-3631-4110-A07B-54C1BCCB4BB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{B3C19819-F970-4585-BA91-1920FED9B488}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 

"{B7768752-48F6-4FAF-B03A-24142FFDE3FF}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 

"{B86F35C4-D4E8-46D8-B293-1E1E2EA61453}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 

"{B8F16573-E282-4641-AC6A-6EDE0B515EAF}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 

"{BACAFB9E-1315-475D-BE4E-CAC2580A171A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 

"{BF73BE70-F179-45A9-93A0-1EC0B4FA6201}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 

"{BF7C8D4D-76F8-4839-A53C-8316A6A6C53D}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 

"{CEE5ADAA-C65C-4AAA-8BF2-0656A2C34B37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 

"{D3E2AF50-233A-44D1-9BD5-8A1D1C5910F5}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 

"{DB98C6DF-7714-4F88-896E-68C828D5ADDC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

"{E9AB88B7-4F65-4762-8544-BCBC260BA6AA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{EC7ED577-0033-4975-8F0E-25D3EBFE2B45}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{ECCFA772-4A09-402B-93C2-36496B7F19B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{F0948863-3EE0-4413-A70E-C5689FC88FBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 

"{F5F0151B-B8CC-46B0-899D-8ED93428F78B}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 

"{F76B2608-5EF1-4BD2-AF7C-9EE45680C9AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 

"{F9BF9041-6ED5-4D50-AACD-20A8AD031C54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 

"{F9DC5605-BFE3-4E56-9E01-F3ABB6A9C441}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"TCP Query User{16F77AF2-DC52-4F07-BF20-47B0B08F1288}C:\program files (x86)\nas utility\pnmd\pnmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nas utility\pnmd\pnmd.exe | 

"UDP Query User{7B3E1F31-F802-4A1A-8B4C-E4C7DB22B540}C:\program files (x86)\nas utility\pnmd\pnmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nas utility\pnmd\pnmd.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers

"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software

"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6C30966B-A597-41FA-A897-702A761DAFE3}" = Microsoft SQL Server Management Studio Express

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent

"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer

"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client

"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module

"GIMP-2_is1" = GIMP 2.8.0

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HPOCR" = OCR Software by I.R.I.S. 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan

"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb

"{1C4AAC59-364D-4804-957A-5F7A2688ED25}" = Lexware büro easy 2007

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{245E74BE-A9EF-4EC2-BF23-C93AAFE69B07}" = Lexware online banking 4.80

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29826F3D-1139-4F06-B109-C6B29B1D6339}" = Lexware online banking 4.80

"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{2E868046-F930-47A6-85FD-7AC08DD1A9D1}" = Lexware büro easy 2007

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam

"{3AD96D37-7CAF-4295-A274-E403F1F38065}" = Tools für Microsoft SQL Server 2005

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{3FD62708-FA3F-42DF-AD66-F400A1BDBFF1}" = Lexware büro easy 2007

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{4FB3B7B9-1DD2-4707-9138-23010E65AEA6}" = Lexware online banking 4.80

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser

"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service

"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader

"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup

"{5BE4CACE-8B98-4BE7-B854-2CF79D983F3D}" = Lexware Abschreibungsrechner

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update

"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{82E85DB5-7C06-418E-8CB9-9805E27C0B65}" = Lexware büro easy 2007

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007

"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007

"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007

"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{904CD0E4-4B72-4CF7-9828-267C6678A22E}" = System Requirements Lab for Intel

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC2A17B5-82EB-4E4A-9A90-A57E20909F92}" = Lexware büro easy 2007

"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI

"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien

"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup

"{AED96948-B28A-4958-9318-73FF9F4746AA}}_is1" = Netpas Distance

"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}" = 6300

"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help

"{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}" = ELOoffice

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint

"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition

"{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}" = ELO Pdf Drucker

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)

"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (COMBIT_CRM)

"{D05FC947-69D8-4A56-9BAB-AD87E59122C5}" = Lexware Abschreibungsrechner

"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.95.714

"{D6EC987A-1E19-47F3-8172-60511412D1DD}" = PNMD

"{DA0AB139-B29E-5B54-726C-B2A5CE6DA2CC}" = BMWi-Businessplaner Gründung

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18

"{E3D2C89A-6C03-49F4-822D-C7665BC86410}" = funScreenScraping Client Version

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext

"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service

"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung

"{EDF80EF9-3903-4DDC-96BC-F7D863E689C4}" = QuickSteuer Wissens-Center 2010

"{EE027410-D08E-47B0-8AE6-53CCFA8048F6}" = Lexware büro easy 2007

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"1&1 Office-Drive Manager" = 1&1 Office-Drive Manager

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection

"adawaretb" = Ad-Aware Security Toolbar

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Advanced Renamer_is1" = Advanced Renamer

"Avira AntiVir Desktop" = Avira Free Antivirus

"AVMFBox" = AVM FRITZ!Box Dokumentation

"BGBlitz_is1" = BGBlitz 2.7.0

"BitTorrent" = BitTorrent

"BMWiBusinessplanerGruenden" = BMWi-Businessplaner Gründung

"Calculatem Pro_is1" = Calculatem Pro

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"Charter Party Viewer" = Charter Party Viewer

"CSS3 Menu" = CSS3 Menu

"Dia" = Dia (nur entfernen)

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ElsterFormular 12.2.2.6665k" = ElsterFormular

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Calendar Sync" = Google Calendar Sync

"GPL Ghostscript 9.05" = GPL Ghostscript

"GridVista" = Acer GridVista

"GSview 5.0" = GSview 5.0

"Identity Card" = Identity Card

"Inkscape" = Inkscape 0.48.3.1

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go

"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint

"InstallShield_{D6EC987A-1E19-47F3-8172-60511412D1DD}" = PNMD

"IrfanView" = IrfanView (remove only)

"JellyFish Light 3.5" = JellyFish Light 3.5

"julitecCRM_is1" = julitecCRM 6.0

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Basic)

"LinkedIn Outlook Connector" = LinkedIn Outlook Connector

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

"MyCamera" = Canon Utilities MyCamera

"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin

"Nvu_is1" = Nvu 1.0

"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch

"Open Codecs" = Xiph.Org Open Codecs 0.85.17777

"PartyPoker" = PartyPoker

"PhotoRecord" = Canon PhotoRecord

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa 3" = Picasa 3

"ProInst" = Intel PROSet Wireless

"Protect Disc License Helper" = Protect Disc License Helper 1.0.118

"Scribus 1.4.1" = Scribus 1.4.1

"Softonic" = Softonic toolbar  on IE and Chrome

"SopCast" = SopCast 3.5.0

"TreeSize Free_is1" = TreeSize Free V2.5

"TuneUp Utilities 2012" = TuneUp Utilities 2012

"TVersity Codec Pack" = TVersity Codec Pack 1.7

"TVersity Media Server" = TVersity Media Server 1.9.7

"TWIN 7 Tweaker_is1" = DATA BECKER TWIN 7 Tweaker

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"WOW Slider" = WOW Slider

"XMLmind XML Editor_is1" = XMLmind XML Editor Personal Edition 5.2.1 (2012-05-09)

"xp-AntiSpy" = xp-AntiSpy 3.97-7

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ActiveTrader 5.1.2_b2" = ActiveTrader 5.1.2_b2

"Video Player" = Video Player

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 18.07.2012 01:19:30 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 18.07.2012 01:19:30 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4133231

 

Error - 18.07.2012 01:19:30 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4133231

 

Error - 18.07.2012 01:19:31 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 18.07.2012 01:19:32 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4134229

 

Error - 18.07.2012 01:19:32 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4134229

 

Error - 19.07.2012 01:26:27 | Computer Name = Acer-NetBook | Source = Lavasoft Ad-Aware Service | ID = 0

Description = 

 

Error - 21.07.2012 06:00:53 | Computer Name = Acer-NetBook | Source = Avira Antivirus | ID = 4110

Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler

 auf!  Fehlercode: 0x35

 

Error - 21.07.2012 06:01:52 | Computer Name = Acer-NetBook | Source = Lavasoft Ad-Aware Service | ID = 0

Description = 

 

Error - 21.07.2012 06:03:52 | Computer Name = Acer-NetBook | Source = Lavasoft Ad-Aware Service | ID = 0

Description = 

 

[ Media Center Events ]

Error - 03.01.2010 22:23:47 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 03:23:46 - Fehler beim Herstellen der Internetverbindung.  03:23:46 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 03.01.2010 23:23:53 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 04:23:52 - Fehler beim Herstellen der Internetverbindung.  04:23:52 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 04.01.2010 00:23:59 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 05:23:58 - Fehler beim Herstellen der Internetverbindung.  05:23:58 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 04.01.2010 01:28:51 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 06:28:50 - Fehler beim Herstellen der Internetverbindung.  06:28:50 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 14.01.2010 05:11:43 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 10:11:37 - Fehler beim Herstellen der Internetverbindung.  10:11:37 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10.02.2010 15:21:44 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 20:21:44 - Fehler beim Herstellen der Internetverbindung.  20:21:44 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10.02.2010 15:21:53 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 20:21:49 - Fehler beim Herstellen der Internetverbindung.  20:21:49 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 14.02.2010 02:51:10 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 07:51:10 - Fehler beim Herstellen der Internetverbindung.  07:51:10 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 21.02.2010 02:52:20 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 07:52:19 - Fehler beim Herstellen der Internetverbindung.  07:52:20 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 21.02.2010 02:52:29 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0

Description = 07:52:25 - Fehler beim Herstellen der Internetverbindung.  07:52:25 

-     Serververbindung konnte nicht hergestellt werden..  

 

[ OSession Events ]

Error - 07.03.2012 17:23:13 | Computer Name = Acer-NetBook | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 21.07.2012 05:55:26 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   AFD  avipbb  avkmgr  DfsC  discache  mwlPSDFilter  mwlPSDNServ  mwlPSDVDisk  NetBIOS  NetBT  nsiproxy

Psched

rdbss

spldr

tdx

ui11drdr

vwififlt

Wanarpv6

WfpLwf

 

Error - 21.07.2012 05:56:11 | Computer Name = Acer-NetBook | Source = DCOM | ID = 10005

Description = 

 

Error - 21.07.2012 06:00:53 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%306.

 

Error - 21.07.2012 06:01:52 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7034

Description = Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies 

ist bereits 1 Mal passiert.

 

Error - 21.07.2012 06:02:14 | Computer Name = Acer-NetBook | Source = DCOM | ID = 10016

Description = 

 

Error - 21.07.2012 06:04:38 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%-2147023143.

 

Error - 21.07.2012 08:13:12 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Lbd" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 21.07.2012 08:20:32 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom  Lbd

 

Error - 21.07.2012 08:20:35 | Computer Name = Acer-NetBook | Source = DCOM | ID = 10016

Description = 

 

Error - 21.07.2012 08:21:18 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%-2147023143.

 

 

< End of report >

--- --- ---

...Hier als ZIP Files

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL

PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () 

PRC - C:\Windows\snuvcdsm.exe () 

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 

PRC - C:\Windows\PLFSetI.exe () 

MOD - C:\Users\JoeCool\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll () 

MOD - C:\Users\JoeCool\AppData\Roaming\13001.026\components\AcroFF026.dll () 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 

IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found 

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 

IE - HKCU\..\SearchScopes\{074E482C-DD2C-42B8-96A8-F67ECCE9D474}: "URL" = http://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} 

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=9a65cef7000000000000001e64348cf3 

IE - HKCU\..\SearchScopes\{45F03664-29FC-4820-A20A-8DE6B05D7FB2}: "URL" = http://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on 

IE - HKCU\..\SearchScopes\{6299DCEA-64DA-464A-9A47-0BE3CAEED0DB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838 

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE357DE357 

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 

IE - HKCU\..\SearchScopes\{86B187AB-D745-4E00-A33A-93D6330BCFB8}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} 

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={42903223-B249-4FA0-AF3F-5D1BAAACD349}&mid=36b9e18315d147d183b1d16fd89b6449-75968e8b8846c8686ff11da71a6687c5bf2fec85&lang=de&ds=tt014&pr=sa&d=2011-12-11 09:34:09&v=8.0.0.34&sap=dsp&q={searchTerms} 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 

FF - user.js - File not found 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox 

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found. 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found. 

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () 

O4:64bit: - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe () 

O4 - HKLM..\Run: [] File not found 

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found 

O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe () 

O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108859 

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found 

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found 

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O32 - HKLM CDRom: AutoRun - 1 

O33 - MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\Shell - "" = AutoRun 

O33 - MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\Shell\AutoRun\command - "" = D:\USBAutoRun.exe 
 

[2012.06.12 18:08:25 | 000,000,860 | ---- | M] () -- C:\Windows\SysWow64\runrefog.lnk 

[2012.06.12 18:08:25 | 000,000,860 | ---- | C] () -- C:\Windows\SysWow64\runrefog.lnk 

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2 

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA 

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F 

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D 

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE 

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 
 
 

[2012.07.12 14:40:32 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\UAs 

[2012.07.22 10:05:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 

[2012.07.22 09:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

[2012.07.21 18:05:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 

[2012.07.21 11:53:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad 

[2012.07.08 20:39:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad 

[2012.06.26 11:49:41 | 001,842,876 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI 

[2012.06.12 18:08:25 | 000,000,860 | ---- | M] () -- C:\Windows\SysWow64\runrefog.lnk 
 
 

:Files
 

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Ok, mach ich sobald Malwarbytes durch ist. Danke!

Hier nun das LOG von Malwarbytes: (Keine Funde)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JoeCool :: ACER-NETBOOK [Administrator]

22.07.2012 10:54:45
mbam-log-2012-07-22 (10-54-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399787
Laufzeit: 1 Stunde(n), 52 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Mach dann als nächstes die OTL Reinigung wie oben beschrieben. Geht aber erst heut nachmittag.

So, hab jetzt OTL mit den Script laufen lassen. Mittendrin hat sich Windows mit "Es ist ein kritischer Fehler aufgetreten. Windows wird in einer Minute heruntergefahren..."
OTL ist aber noch zu ende gelaufen und hat dann nach Neustert gefragt. Ich hab mit "OK" bestätigt.

Hier das Log:

Code:

All processes killed

========== OTL ==========

No active process named Program Files was found!

No active process named snuvcdsm.exe was found!

No active process named Program Files was found!

No active process named PLFSetI.exe was found!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{074E482C-DD2C-42B8-96A8-F67ECCE9D474}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074E482C-DD2C-42B8-96A8-F67ECCE9D474}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{45F03664-29FC-4820-A20A-8DE6B05D7FB2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45F03664-29FC-4820-A20A-8DE6B05D7FB2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6299DCEA-64DA-464A-9A47-0BE3CAEED0DB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6299DCEA-64DA-464A-9A47-0BE3CAEED0DB}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86B187AB-D745-4E00-A33A-93D6330BCFB8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86B187AB-D745-4E00-A33A-93D6330BCFB8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66BD2442-241B-44CD-8C7A-B51037053CDB} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E111A5C-3D11-4F56-9463-5310C3C69025} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLFSetI deleted successfully.

C:\Windows\PLFSetI.exe moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNUVCDSM deleted successfully.

C:\Windows\snuvcdsm.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snuvcdsm deleted successfully.

File C:\Windows\snuvcdsm.exe not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesHelper deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\ not found.

File D:\USBAutoRun.exe not found.

C:\Windows\SysWow64\runrefog.lnk moved successfully.

File C:\Windows\SysWow64\runrefog.lnk not found.

ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.

ADS C:\ProgramData\Temp:AB689DEA deleted successfully.

ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.

ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.

ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.

ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.

ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.

C:\Users\JoeCool\AppData\Roaming\UAs folder moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\ProgramData\kp_0loor.pad moved successfully.

C:\ProgramData\go_0molg.pad moved successfully.

C:\Windows\SysWOW64\PerfStringBackup.INI moved successfully.

File C:\Windows\SysWow64\runrefog.lnk not found.

========== FILES ==========
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\JoeCool\Desktop\cmd.bat deleted successfully.

C:\Users\JoeCool\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56478 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Hanni

 

User: JoeCool

->Temp folder emptied: 13593670 bytes

->Temporary Internet Files folder emptied: 46077541 bytes

->Java cache emptied: 67218870 bytes

->FireFox cache emptied: 445832133 bytes

->Google Chrome cache emptied: 42752132 bytes

->Flash cache emptied: 116018 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 24928 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1091569 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 588,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Hanni

 

User: JoeCool

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.54.0 log created on 07222012_145700
 

Files\Folders moved on Reboot...

C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...

File C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
 

Registry entries deleted on Reboot...

Und im Anhang nochmal als ZIP...

Hab jetzt auch mal alle wichtigen Windows Updates gemacht.
System läuft soweit rund.
Was wäre denn nun der nächte Schritt?

ADWCLEANER?

Sehr gut! :daumenhoc

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Ok, lass dann Malware über Nacht laufen und poste morgen. Hat ja ewig gedauert, der letzte Scan.

Vielen Dank soweit & einen schönen Sonntag noch.

Alles klar, bis morgen ;)

Hier ist jetzt doch schon mal Malwarbytes...

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.22.08
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

JoeCool :: ACER-NETBOOK [Administrator]
 

22.07.2012 20:35:36

mbam-log-2012-07-22 (20-35-36).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 402211

Laufzeit: 1 Stunde(n), 14 Minute(n), 13 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Und hier der AdwCleaner...

Code:

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 21:54:00

# Updated 20/07/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : JoeCool - ACER-NETBOOK

# Running from : C:\Users\JoeCool\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\JoeCool\AppData\Local\Conduit

Folder Found : C:\Users\JoeCool\AppData\Local\OpenCandy

Folder Found : C:\Users\JoeCool\AppData\LocalLow\Conduit

Folder Found : C:\Users\JoeCool\AppData\Roaming\OpenCandy

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\Softonic

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
 

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2548838[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2736476

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\ImInstaller

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Zugo

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd

Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1

Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr

Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1

Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore

Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc

Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\Description

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Found : HKLM\SOFTWARE\Web Assistant

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit

[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

[x64] Key Found : HKCU\Software\IM

[x64] Key Found : HKCU\Software\ImInstaller

[x64] Key Found : HKCU\Software\Softonic

[x64] Key Found : HKCU\Software\Zugo

[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

[x64] Key Found : HKLM\SOFTWARE\Classes\S

[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd

[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1

[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr

[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1

[x64] Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore

[x64] Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1

[x64] Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc

[x64] Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1

[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

[x64] Key Found : HKLM\SOFTWARE\Web Assistant

[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}

Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v13.0.1 (de)
 

Profile name : default 

File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\prefs.js
 

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Found : user_pref("browser.search.defaultenginename", "MyStart Search");

Found : user_pref("browser.search.order.1", "Search the web (Babylon)");

Found : user_pref("browser.search.selectedEngine", "Search the Web");

Found : user_pref("browser.startup.homepage", "hxxp://Mystart.incredibar.com/mb124");

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119998");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "9a65cef7000000000000001e64348cf3");

Found : user_pref("extensions.BabylonToolbar_i.id", "9a65cef7000000000000001e64348cf3");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15422");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.newTab", true);

Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=119998&babsrc=NT_s[...]

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:00:45");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Found : user_pref("extensions.Softonic.admin", false);

Found : user_pref("extensions.Softonic.aflt", "orgnl");

Found : user_pref("extensions.Softonic.autoRvrt", "false");

Found : user_pref("extensions.Softonic.dfltLng", "");

Found : user_pref("extensions.Softonic.excTlbr", false);

Found : user_pref("extensions.Softonic.id", "9a65cef7000000000000001e64348cf3");

Found : user_pref("extensions.Softonic.instlDay", "15479");

Found : user_pref("extensions.Softonic.instlRef", "MON00001");

Found : user_pref("extensions.Softonic.prdct", "Softonic");

Found : user_pref("extensions.Softonic.prtnrId", "softonic");

Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]

Found : user_pref("extensions.Softonic.tlbrId", "base");

Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]

Found : user_pref("extensions.Softonic.vrsn", "1.5.21.0");

Found : user_pref("extensions.Softonic.vrsni", "1.5.21.0");

Found : user_pref("extensions.Softonic_i.newTab", false);

Found : user_pref("extensions.Softonic_i.smplGrp", "none");

Found : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.011:51:49");

Found : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,googlebar@google.com:1.0,{972ce4[...]

Found : user_pref("extensions.incredibar.actvtyRptTime", "1339484352821");

Found : user_pref("extensions.incredibar.admin", false);

Found : user_pref("extensions.incredibar.aflt", "orgnl");

Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");

Found : user_pref("extensions.incredibar.cntry", "DE");

Found : user_pref("extensions.incredibar.dfltLng", "EN");

Found : user_pref("extensions.incredibar.dfltSrch", false);

Found : user_pref("extensions.incredibar.dfltlng", "EN");

Found : user_pref("extensions.incredibar.dfltsrch", "false");

Found : user_pref("extensions.incredibar.did", "10657");

Found : user_pref("extensions.incredibar.envrmnt", "production");

Found : user_pref("extensions.incredibar.excTlbr", false);

Found : user_pref("extensions.incredibar.hdrMd5", "0A3A46359486F678F6583F5DB39F58FF");

Found : user_pref("extensions.incredibar.hmpg", false);

Found : user_pref("extensions.incredibar.hrdid", "0");

Found : user_pref("extensions.incredibar.id", "9a65cef7000000000000001e64348cf3");

Found : user_pref("extensions.incredibar.installerproductid", "26");

Found : user_pref("extensions.incredibar.instlDay", "15503");

Found : user_pref("extensions.incredibar.instlRef", "");

Found : user_pref("extensions.incredibar.instlday", "15503");

Found : user_pref("extensions.incredibar.instlref", "");

Found : user_pref("extensions.incredibar.isDcmntCmplt", true);

Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");

Found : user_pref("extensions.incredibar.keywordurl", "");

Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.148:15:03");

Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Found : user_pref("extensions.incredibar.newTab", false);

Found : user_pref("extensions.incredibar.newtab", "false");

Found : user_pref("extensions.incredibar.newtaburl", "");

Found : user_pref("extensions.incredibar.noFFXTlbr", false);

Found : user_pref("extensions.incredibar.ppd", "");

Found : user_pref("extensions.incredibar.prdct", "incredibar");

Found : user_pref("extensions.incredibar.productid", "26");

Found : user_pref("extensions.incredibar.propectorlck", 78067074);

Found : user_pref("extensions.incredibar.prtkHmpg", 1);

Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");

Found : user_pref("extensions.incredibar.sg", "none");

Found : user_pref("extensions.incredibar.smplGrp", "none");

Found : user_pref("extensions.incredibar.smplgrp", "none");

Found : user_pref("extensions.incredibar.srch", "");

Found : user_pref("extensions.incredibar.srchprvdr", "");

Found : user_pref("extensions.incredibar.tlbrId", "base");

Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]

Found : user_pref("extensions.incredibar.tlbrid", "base");

Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]

Found : user_pref("extensions.incredibar.upn2", "6OyEHkzSSo");

Found : user_pref("extensions.incredibar.upn2n", "92261571160651468");

Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.148:15:03");

Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.148:15:03");

Found : user_pref("extensions.incredibar_i.aflt", "orgnl");

Found : user_pref("extensions.incredibar_i.dfltLng", "");

Found : user_pref("extensions.incredibar_i.did", "10657");

Found : user_pref("extensions.incredibar_i.excTlbr", false);

Found : user_pref("extensions.incredibar_i.id", "9a65cef7000000000000001e64348cf3");

Found : user_pref("extensions.incredibar_i.installerproductid", "26");

Found : user_pref("extensions.incredibar_i.instlDay", "15503");

Found : user_pref("extensions.incredibar_i.instlRef", "");

Found : user_pref("extensions.incredibar_i.ms_url_id", "");

Found : user_pref("extensions.incredibar_i.newTab", false);

Found : user_pref("extensions.incredibar_i.ppd", "");

Found : user_pref("extensions.incredibar_i.prdct", "incredibar");

Found : user_pref("extensions.incredibar_i.productid", "26");

Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Found : user_pref("extensions.incredibar_i.smplGrp", "none");

Found : user_pref("extensions.incredibar_i.tlbrId", "base");

Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB[...]

Found : user_pref("extensions.incredibar_i.upn2", "6OyEHkzSSo");

Found : user_pref("extensions.incredibar_i.upn2n", "92261571160651468");

Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:15:03");

Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyEHkzSSo&&i=26&search="[...]

Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
 

Profile name : default-1339507078693 [Profil par défaut]

File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\prefs.js
 

[OK] File is clean.
 

-\\ Google Chrome v [Unable to get version]
 

File : C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [18564 octets] - [22/07/2012 21:54:00]
 

########## EOF - C:\AdwCleaner[R1].txt - [18693 octets] ##########

Sehr gut! :daumenhoc

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Guten Morgen,

hier schonmal der neue Report von ADW. Emisoft läuft noch...

Code:

# AdwCleaner v1.703 - Logfile created 07/23/2012 at 07:29:35

# Updated 20/07/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : JoeCool - ACER-NETBOOK

# Running from : C:\Users\JoeCool\Desktop\adwcleaner.exe

# Option [Delete]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Deleted : C:\Users\JoeCool\AppData\Local\Conduit

Folder Deleted : C:\Users\JoeCool\AppData\Local\OpenCandy

Folder Deleted : C:\Users\JoeCool\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\JoeCool\AppData\Roaming\OpenCandy

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Softonic

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
 

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2548838[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr

Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc

Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Description

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Web Assistant

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant
 

***** [Registre - GUID] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v13.0.1 (de)
 

Profile name : default 

File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\prefs.js
 

C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\user.js ... Deleted !
 

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.search.selectedEngine", "Search the Web");

Deleted : user_pref("browser.startup.homepage", "hxxp://Mystart.incredibar.com/mb124");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119998");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "9a65cef7000000000000001e64348cf3");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "9a65cef7000000000000001e64348cf3");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15422");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=119998&babsrc=NT_s[...]

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:00:45");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.Softonic.admin", false);

Deleted : user_pref("extensions.Softonic.aflt", "orgnl");

Deleted : user_pref("extensions.Softonic.autoRvrt", "false");

Deleted : user_pref("extensions.Softonic.dfltLng", "");

Deleted : user_pref("extensions.Softonic.excTlbr", false);

Deleted : user_pref("extensions.Softonic.id", "9a65cef7000000000000001e64348cf3");

Deleted : user_pref("extensions.Softonic.instlDay", "15479");

Deleted : user_pref("extensions.Softonic.instlRef", "MON00001");

Deleted : user_pref("extensions.Softonic.prdct", "Softonic");

Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");

Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]

Deleted : user_pref("extensions.Softonic.tlbrId", "base");

Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]

Deleted : user_pref("extensions.Softonic.vrsn", "1.5.21.0");

Deleted : user_pref("extensions.Softonic.vrsni", "1.5.21.0");

Deleted : user_pref("extensions.Softonic_i.newTab", false);

Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");

Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.011:51:49");

Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,googlebar@google.com:1.0,{972ce4[...]

Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1339484352821");

Deleted : user_pref("extensions.incredibar.admin", false);

Deleted : user_pref("extensions.incredibar.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");

Deleted : user_pref("extensions.incredibar.cntry", "DE");

Deleted : user_pref("extensions.incredibar.dfltLng", "EN");

Deleted : user_pref("extensions.incredibar.dfltSrch", false);

Deleted : user_pref("extensions.incredibar.dfltlng", "EN");

Deleted : user_pref("extensions.incredibar.dfltsrch", "false");

Deleted : user_pref("extensions.incredibar.did", "10657");

Deleted : user_pref("extensions.incredibar.envrmnt", "production");

Deleted : user_pref("extensions.incredibar.excTlbr", false);

Deleted : user_pref("extensions.incredibar.hdrMd5", "0A3A46359486F678F6583F5DB39F58FF");

Deleted : user_pref("extensions.incredibar.hmpg", false);

Deleted : user_pref("extensions.incredibar.hrdid", "0");

Deleted : user_pref("extensions.incredibar.id", "9a65cef7000000000000001e64348cf3");

Deleted : user_pref("extensions.incredibar.installerproductid", "26");

Deleted : user_pref("extensions.incredibar.instlDay", "15503");

Deleted : user_pref("extensions.incredibar.instlRef", "");

Deleted : user_pref("extensions.incredibar.instlday", "15503");

Deleted : user_pref("extensions.incredibar.instlref", "");

Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);

Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.incredibar.keywordurl", "");

Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.148:15:03");

Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Deleted : user_pref("extensions.incredibar.newTab", false);

Deleted : user_pref("extensions.incredibar.newtab", "false");

Deleted : user_pref("extensions.incredibar.newtaburl", "");

Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);

Deleted : user_pref("extensions.incredibar.ppd", "");

Deleted : user_pref("extensions.incredibar.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar.productid", "26");

Deleted : user_pref("extensions.incredibar.propectorlck", 78067074);

Deleted : user_pref("extensions.incredibar.prtkHmpg", 1);

Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");

Deleted : user_pref("extensions.incredibar.sg", "none");

Deleted : user_pref("extensions.incredibar.smplGrp", "none");

Deleted : user_pref("extensions.incredibar.smplgrp", "none");

Deleted : user_pref("extensions.incredibar.srch", "");

Deleted : user_pref("extensions.incredibar.srchprvdr", "");

Deleted : user_pref("extensions.incredibar.tlbrId", "base");

Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]

Deleted : user_pref("extensions.incredibar.tlbrid", "base");

Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]

Deleted : user_pref("extensions.incredibar.upn2", "6OyEHkzSSo");

Deleted : user_pref("extensions.incredibar.upn2n", "92261571160651468");

Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.148:15:03");

Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.148:15:03");

Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar_i.dfltLng", "");

Deleted : user_pref("extensions.incredibar_i.did", "10657");

Deleted : user_pref("extensions.incredibar_i.excTlbr", false);

Deleted : user_pref("extensions.incredibar_i.id", "9a65cef7000000000000001e64348cf3");

Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");

Deleted : user_pref("extensions.incredibar_i.instlDay", "15503");

Deleted : user_pref("extensions.incredibar_i.instlRef", "");

Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");

Deleted : user_pref("extensions.incredibar_i.newTab", false);

Deleted : user_pref("extensions.incredibar_i.ppd", "");

Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar_i.productid", "26");

Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");

Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");

Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB[...]

Deleted : user_pref("extensions.incredibar_i.upn2", "6OyEHkzSSo");

Deleted : user_pref("extensions.incredibar_i.upn2n", "92261571160651468");

Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:15:03");

Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyEHkzSSo&&i=26&search="[...]

Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
 

Profile name : default-1339507078693 [Profil par défaut]

File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\prefs.js
 

[OK] File is clean.
 

-\\ Google Chrome v [Unable to get version]
 

File : C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [18599 octets] - [22/07/2012 21:54:00]

AdwCleaner[S1].txt - [276 octets] - [23/07/2012 07:29:06]

AdwCleaner[S2].txt - [16850 octets] - [23/07/2012 07:29:35]
 

########## EOF - C:\AdwCleaner[S2].txt - [16979 octets] ##########

Hier noch die Adw S1:

Code:

# AdwCleaner v1.703 - Logfile created 07/23/2012 at 07:29:06

# Updated 20/07/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : JoeCool - ACER-NETBOOK

# Running from : C:\Users\JoeCool\Desktop\adwcleaner.exe

# Option [Delete]

Emisoft nährt sich dem Ende...

So, hier nun der Bericht von Emisoft. Das meiste ist wohl recht harmlos, aber am Ende finden sich dann doch ein Paar Kracher :-(
Hab noch nichts gelöscht.

Code:

Emsisoft Anti-Malware - Version 6.6

Letztes Update: 23.07.2012 07:41:21
 

Scan Einstellungen:
 

Scan Methode: Detail Scan

Objekte: Rootkits, Speicher, Traces, C:\

Archiv Scan: An

ADS Scan: An
 

Scan Beginn:        23.07.2012 07:41:45
 

c:\users\joecool\appdata\roaming\microsoft\windows\start menu\programs\partypoker         gefunden: Trace.File.partypoker!E1

c:\program files (x86)\ascentive\performance center         gefunden: Trace.File.spyware striker pro!E1

c:\users\joecool\appdata\roaming\pacificpoker\         gefunden: Trace.File.pacificpoker!E1

Value: hkey_current_user\software\pokerinstaller --> fullpath         gefunden: Trace.Registry.pacific poker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 1         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 2         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 4         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 5         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 6         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 7         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 9         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> apppath         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> id         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> initialport         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> installstate         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> mucklosinghand         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> sl         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> tabletype         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming\partypoker --> usecount         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> autologintoothergames         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> cfdialogshown         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> freshinstall         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\partygaming --> oldcfformat         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> buttontext         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> clsid         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> default visible         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> exec         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> hoticon         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> icon         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> menustatusbar         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> menutext         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> path         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayicon         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayname         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayversion         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installdate         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installlocation         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsource         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsourcefile         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> publisher         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> silentsettings         gefunden: Trace.Registry.partypoker!E1

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> uninstallstring         gefunden: Trace.Registry.partypoker!E1

Value: hkey_current_user\software\pokerinstaller --> installer_guid         gefunden: Trace.Registry.pacific poker!E1

Value: hkey_current_user\software\pokerinstaller --> url_casino_2         gefunden: Trace.Registry.pacific poker!E1

Value: hkey_current_user\software\partygaming\partypoker --> 10         gefunden: Trace.Registry.partypoker!E1

Key: hkey_current_user\software\pacificpoker         gefunden: Trace.Registry.pacificpoker!E1

Key: hkey_current_user\software\pacificpoker\poker         gefunden: Trace.Registry.pacificpoker!E1

Key: hkey_current_user\software\pacificpoker\poker\init         gefunden: Trace.Registry.pacificpoker!E1

Key: hkey_current_user\software\pokerinstaller         gefunden: Trace.Registry.pacificpoker!E1

C:\Users\JoeCool\Downloads\backups\backup-20111202-113817-403.dll         gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1

C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\BrowserPasswordDecryptor.exe         gefunden: Riskware.PSWTool.Win32.PasswordRecovery.AMN!E1

C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\NetworkPasswordDecryptor.exe         gefunden: Trojan.Win32.SecurityXploded.AMN!E1

C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\YahooPasswordDecryptor.exe         gefunden: Trojan.Win32.SecurityXploded.AMN!E1
 

Gescannt        637126

Gefunden        54
 

Scan Ende:        23.07.2012 10:06:47

Scan Zeit:        2:25:02

Hier nochmal Adw und Emisoft als Zip

Du brauchst die Logs nicht anhaengen, wenn du sie gepostet hast. Also entweder - oder. :)

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

So, hat ne Ewigkeit gedauert und 2 Viren gefunden...

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2795bedf0453a1419da4152ec4bfcd29

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-23 12:47:36

# local_time=2012-07-23 02:47:36 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777215 100 0 2258176 2258176 0 0

# compatibility_mode=5893 16776574 100 94 40164986 94666108 0 0

# compatibility_mode=8192 67108863 100 0 103 103 0 0

# scanned=208708

# found=2

# cleaned=2

# scan_time=11398

C:\Users\JoeCool\AppData\Roaming\13001.025\components\AcroFFe.dll        a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Users\JoeCool\AppData\Roaming\13001.026\components\AcroFF026.dll        a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte fragen.

ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
Während des Laufs von Combofix nichts anderes am Computer machen!
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
Bitte nicht in dieses Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es wird ein Backup Deiner Registry erstellt.
Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

Also ich hab kein IE Icon bekommen. Dafür waren dann die Fierefox icons plötzlich alle kaputt (liefen ins leere und wurden gelöscht...).
Nach neustart läuft Firefox jetzt aber wieder. Hier die Logs:

[CODE]
Combofix Logfile:

Code:

ComboFix 12-07-21.01 - JoeCool 23.07.2012  19:55:57.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1979.782 [GMT 2:00]

ausgeführt von:: c:\users\JoeCool\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Cannonnt

c:\program files (x86)\Common Files\Acer GameZone online.ico

c:\program files (x86)\xp-AntiSpy

c:\program files (x86)\xp-AntiSpy\Uninstall.exe

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url

c:\programdata\1&1

c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml

c:\programdata\Roaming

c:\users\JoeCool\AppData\Local\assembly\tmp

c:\users\JoeCool\AppData\Roaming\.#

c:\users\JoeCool\AppData\Roaming\1&1

c:\users\JoeCool\AppData\Roaming\1&1\1&1 Office-Drive Manager\ULMSettings.xml

c:\users\JoeCool\AppData\Roaming\AcroIEHelpe.txt

c:\users\JoeCool\AppData\Roaming\srvblck5.tmp

c:\windows\dwatson.dll

c:\windows\IsUn0407.exe

c:\windows\ntcore.dll

c:\windows\NTVDLL.dll

c:\windows\refsdm.dll

c:\windows\SysWow64\c.dll

c:\windows\winclfile.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-06-23 bis 2012-07-23  ))))))))))))))))))))))))))))))

.

.

2012-07-23 18:06 . 2012-07-23 18:06        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-07-23 05:37 . 2012-07-23 09:29        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware

2012-07-22 16:22 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys

2012-07-22 14:40 . 2012-07-22 14:40        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2012-07-22 14:22 . 2012-07-22 14:22        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%

2012-07-22 14:20 . 2012-06-09 05:43        14172672        ----a-w-        c:\windows\system32\shell32.dll

2012-07-22 14:20 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll

2012-07-22 14:20 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-07-22 14:20 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll

2012-07-22 14:20 . 2012-06-06 06:06        1881600        ----a-w-        c:\windows\system32\msxml3.dll

2012-07-22 14:20 . 2012-06-06 05:05        1390080        ----a-w-        c:\windows\SysWow64\msxml6.dll

2012-07-22 14:20 . 2012-06-06 05:05        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll

2012-07-22 14:20 . 2010-06-26 03:55        2048        ----a-w-        c:\windows\system32\msxml3r.dll

2012-07-22 14:20 . 2010-06-26 03:24        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll

2012-07-22 14:19 . 2012-06-02 05:50        458704        ----a-w-        c:\windows\system32\drivers\cng.sys

2012-07-22 14:19 . 2012-06-02 05:48        95600        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-07-22 14:19 . 2012-06-02 05:48        151920        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2012-07-22 14:19 . 2012-06-02 05:45        340992        ----a-w-        c:\windows\system32\schannel.dll

2012-07-22 14:19 . 2012-06-02 05:44        307200        ----a-w-        c:\windows\system32\ncrypt.dll

2012-07-22 14:19 . 2012-06-02 04:40        225280        ----a-w-        c:\windows\SysWow64\schannel.dll

2012-07-22 14:19 . 2012-06-02 04:39        219136        ----a-w-        c:\windows\SysWow64\ncrypt.dll

2012-07-22 14:19 . 2012-06-02 04:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2012-07-22 14:19 . 2012-06-02 04:34        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2012-07-22 14:19 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys

2012-07-22 14:17 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-07-22 14:17 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-07-22 14:17 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-07-22 14:17 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-07-22 14:13 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL

2012-07-22 14:13 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-07-22 14:13 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll

2012-07-22 14:13 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll

2012-07-22 14:13 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-07-22 14:13 . 2012-06-06 06:05        1499136        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll

2012-07-22 14:13 . 2012-06-06 05:05        1019904        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-22 14:12 . 2012-06-06 06:05        466944        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll

2012-07-22 14:12 . 2012-06-06 06:05        258048        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll

2012-07-22 14:12 . 2012-06-06 05:03        805376        ----a-w-        c:\windows\SysWow64\cdosys.dll

2012-07-22 14:12 . 2012-06-06 06:05        495616        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll

2012-07-22 14:12 . 2012-06-06 05:05        352256        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-22 14:12 . 2012-06-06 05:05        57344        ----a-w-        c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-22 14:12 . 2012-06-06 06:05        61440        ----a-w-        c:\program files\Common Files\System\ado\msador15.dll

2012-07-22 14:12 . 2012-06-06 05:05        212992        ----a-w-        c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-22 14:12 . 2012-06-06 06:02        1133568        ----a-w-        c:\windows\system32\cdosys.dll

2012-07-22 14:12 . 2012-06-06 05:05        143360        ----a-w-        c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-22 14:12 . 2012-06-06 05:05        372736        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-22 12:57 . 2012-07-22 12:57        --------        d-----w-        C:\_OTL

2012-07-22 12:44 . 2012-07-22 12:44        476976        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll

2012-07-21 12:14 . 2012-07-21 13:45        --------        d-----w-        c:\users\JoeCool\AppData\Local\adaware

2012-07-21 12:13 . 2011-12-19 10:44        60536        ----a-w-        c:\windows\system32\drivers\sbhips.sys

2012-07-21 12:13 . 2011-12-19 11:21        45936        ----a-w-        c:\windows\system32\sbbd.exe

2012-07-21 12:13 . 2012-07-21 12:20        --------        d-----w-        c:\program files (x86)\Ad-Aware Antivirus

2012-07-21 12:11 . 2012-07-23 09:31        --------        d-----w-        c:\programdata\Ad-Aware Browsing Protection

2012-07-21 12:10 . 2012-07-21 12:11        --------        d-----w-        c:\program files (x86)\adawaretb

2012-07-21 12:09 . 2012-07-22 10:03        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\Ad-Aware Antivirus

2012-07-17 16:00 . 2012-07-17 16:00        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.026

2012-07-17 10:52 . 2012-07-22 12:44        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\Skype

2012-07-17 10:51 . 2012-07-17 10:51        --------        d-----r-        c:\program files (x86)\Skype

2012-07-17 10:51 . 2012-07-17 10:51        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2012-07-17 10:51 . 2012-07-17 10:52        --------        d-----w-        c:\programdata\Skype

2012-07-14 18:46 . 2012-07-15 07:54        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.025

2012-07-13 15:08 . 2012-07-14 05:29        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.024

2012-07-12 18:42 . 2012-07-12 18:42        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.023

2012-07-12 12:04 . 2012-07-12 12:05        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.022

2012-07-12 12:04 . 2012-07-17 10:54        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\xmldm

2012-07-12 12:04 . 2012-07-12 12:04        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\kock

2012-07-06 10:55 . 2012-07-06 10:55        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\EurekaLog

2012-06-27 06:27 . 2012-06-27 06:27        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\Avira

2012-06-27 06:21 . 2012-05-02 13:24        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-06-27 06:21 . 2012-04-27 08:20        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-06-27 06:21 . 2012-04-24 22:32        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-06-27 06:21 . 2012-06-27 06:21        --------        d-----w-        c:\programdata\Avira

2012-06-27 06:21 . 2012-06-27 06:21        --------        d-----w-        c:\program files (x86)\Avira

2012-06-26 10:02 . 2011-06-02 05:47        177640        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys

2012-06-26 10:02 . 2011-06-02 05:47        13800        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys

2012-06-26 10:02 . 2011-06-02 05:47        16872        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys

2012-06-26 10:02 . 2011-06-02 05:47        157672        ----a-w-        c:\windows\system32\drivers\ssadbus.sys

2012-06-26 10:02 . 2011-06-02 05:47        13288        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys

2012-06-26 09:33 . 2012-06-26 09:38        --------        d-----w-        C:\2c9c9d0d276235ed2517d9b428

2012-06-25 11:07 . 2012-06-25 11:07        --------        d-----w-        c:\program files (x86)\BMWi-Businessplaner

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-22 12:44 . 2010-06-27 13:02        472880        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-07-12 07:20 . 2012-04-18 10:39        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 07:20 . 2011-07-24 12:29        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 11:46 . 2011-12-02 10:13        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-07-03 01:19 . 2009-12-25 13:09        59701280        ----a-w-        c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-19 10:22        38424        ----a-w-        c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 10:22        2428952        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 10:22        57880        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 10:22        44056        ----a-w-        c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 10:22        701976        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 10:22        2622464        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 10:22        99840        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-19 10:21        186752        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-19 10:21        36864        ----a-w-        c:\windows\system32\wuapp.exe

2012-05-29 07:38 . 2011-12-23 19:58        330240        ----a-w-        c:\windows\MASetupCaller.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2012-04-11 20:08        87440        ----a-w-        c:\program files (x86)\adawaretb\adawareDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

"1&1_1&1 Office-Drive Manager"="c:\program files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" [2011-08-03 964688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-16 27760]

"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]

"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 7 (0x7)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]

R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]

R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-07-23 15672]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R4 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys [2011-08-03 199752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]

S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-06 119632]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 msftesql$COMBIT_CRM;SQL Server-Volltextsuche (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]

S2 MSSQL$COMBIT_CRM;SQL Server (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-06 20552]

S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2000-01-01 76912]

S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-24 11856]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]

"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 11780712]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - c:\program files (x86)\ELOoffice\EloArcConnect.exe

IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - c:\program files (x86)\ELOoffice\EloInternetExplorer.htm

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\

FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PhotoRecord - c:\windows\IsUn0407.exe

AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe

AddRemove-Video Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$COMBIT_CRM]

"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:COMBIT_CRM"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\programdata\TVersity\Media Server\MediaServer.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-07-23  20:19:56 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-07-23 18:19

.

Vor Suchlauf: 17 Verzeichnis(se), 163.354.742.784 Bytes frei

Nach Suchlauf: 23 Verzeichnis(se), 163.112.054.784 Bytes frei

.

- - End Of File - - 402ACD80BEE4E1D04BF0F7606F36E357

--- --- ---

Code:



 Update for Microsoft Office 2007 (KB2508958)

1&1 Office-Drive Manager

6300

6300_Help

6300Trb

Acer Crystal Eye webcam Ver:1.1.95.714

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer GridVista

Acer Registration

Acer ScreenSaver

Acer Updater

Acer VCM

Acrobat.com

ActiveTrader 5.1.2_b2

Ad-Aware Antivirus

Ad-Aware Browsing Protection

Ad-Aware Security Toolbar

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1 MUI

Adobe Shockwave Player 11.5

Advanced Renamer

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Alcor Micro USB Card Reader

Alice Greenfingers

Amazonia

Apple Software Update

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

Avira Free Antivirus

AVM FRITZ!Box Dokumentation

BGBlitz 2.7.0

BitTorrent

BMWi-Businessplaner Gründung

BufferChm

C:\Users\JoeCool\AppData\Local\Temp\Rar$EX00.762\SDSD DEMO CPEditor

C:\Users\JoeCool\VAIO\Joe Cool\Eigene Dateien\MariCon\SDL Complete\Charter Party Editor 32bit (2006)

Calculatem Pro

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

CANON iMAGE GATEWAY MyCamera Download Plugin

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MG5200 series Benutzerregistrierung

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 4.0

Canon My Printer

Canon PhotoRecord

Canon Solution Menu EX

Canon Utilities CameraWindow DC 8

Canon Utilities CameraWindow Launcher

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CD-LabelPrint

Charter Party Viewer

Chicken Invaders 2

Compatibility Pack für 2007 Office System

CSS3 Menu

CyberLink PowerDVD 8

Dairy Dash

DATA BECKER TWIN 7 Tweaker

Dia (nur entfernen)

DocProc

Dream Day First Home

DSL-Speedtest

ELO Pdf Drucker

ELOoffice

ElsterFormular

Farm Frenzy 2

First Class Flurry

funScreenScraping Client Version

funScreenScraping Microsoft Systemdateien

Google Apps Migration For Microsoft Outlook® 2.3.12.34

Google Calendar Sync

Google Update Helper

GPL Ghostscript

Granny In Paradise

GSview 5.0

Haufe iDesk-Browser

Haufe iDesk-Service

Heroes of Hellas

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HPPhotoGadget

Identity Card

IKEA Home Planner

Inkscape 0.48.3.1

Intel PROSet Wireless

Intel(R) Rapid Storage Technology

IrfanView (remove only)

Java Auto Updater

Java(TM) 6 Update 33

Java(TM) SE Runtime Environment 6

JellyFish Light 3.5

julitecCRM 6.0

Junk Mail filter update

K-Lite Codec Pack 5.6.1 (Basic)

KompoZer 0.8b3

Launch Manager

Lexware Abschreibungsrechner

Lexware büro easy 2007

Lexware Info Service

Lexware online banking 4.80

LG CyberLink LabelPrint

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG CyberLink YouCam

LG ODD Auto Firmware Update

LG Power Tools

LG United Mobile Drivers

LG USB Modem Drivers

LinkedIn Outlook Connector

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware Version 1.62.0.1300

Merriam Websters Spell Jam

Microsoft Choice Guard

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (German) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (German) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (German) 2007

Microsoft Office InfoPath MUI (German) 2007

Microsoft Office Language Pack 2007 - German/Deutsch

Microsoft Office Live Add-in 1.5

Microsoft Office O MUI (German) 2007

Microsoft Office OneNote MUI (German) 2007

Microsoft Office Outlook MUI (German) 2007

Microsoft Office PowerPoint MUI (German) 2007

Microsoft Office PowerPoint Viewer 2007 (German)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (German) 2007

Microsoft Office Shared MUI (German) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

Microsoft Office SharePoint Designer MUI (German) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (German) 2007

Microsoft Office X MUI (German) 2007

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 (COMBIT_CRM)

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mozilla Firefox 13.0.1 (x86 de)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

Netpas Distance

Nvu 1.0

OutlookAddInNet3Setup

PC Inspector File Recovery

PDFCreator

Picasa 3

PNMD

Protect Disc License Helper 1.0.118

QuickSteuer 2010

QuickSteuer Wissens-Center 2010

QuickTime

Realtek High Definition Audio Driver

Remote Control USB Driver

Samsung Kies

Scan

Scribus 1.4.1

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 

Serif PagePlus Starter Edition

Servicepack Datumsaktualisierung

Skype™ 5.10

SopCast 3.5.0

Spybot - Search & Destroy

System Requirements Lab for Intel

Tinypic 3.18

Toolbox

Tools für Microsoft SQL Server 2005

TreeSize Free V2.5

TuneUp Utilities 2012

TuneUp Utilities Language Pack (de-DE)

TVersity Codec Pack 1.7

TVersity Media Server 1.9.7

UnloadSupport

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

Update für Microsoft Office Excel 2007 Help (KB963678)

Update für Microsoft Office Outlook 2007 Help (KB963677)

Update für Microsoft Office Powerpoint 2007 Help (KB963669)

Update für Microsoft Office Word 2007 Help (KB963665)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Video Player

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebCam

WebReg

Welcome Center

Windows Live-Uploadtool

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalerie

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Sync

Windows Live Writer

WinRAR

WOW Slider

Xiph.Org Open Codecs 0.85.17777

xp-AntiSpy 3.97-7

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Here we go...
Bin dann morgen wieder Online. Nähren wir uns dem Ende ? :crazy:

OTL Logfile:

Code:

OTL logfile created on: 23.07.2012 23:17:00 - Run 2

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\JoeCool\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,93 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 59,80% Memory free

3,87 Gb Paging File | 2,40 Gb Available in Paging File | 62,05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220,79 Gb Total Space | 152,07 Gb Free Space | 68,88% Space Free | Partition Type: NTFS

Drive D: | 7,51 Gb Total Space | 7,45 Gb Free Space | 99,18% Space Free | Partition Type: FAT32

 

Computer Name: ACER-NETBOOK | User Name: JoeCool | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\JoeCool\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)

PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)

PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()

PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)

SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)

SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()

SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)

SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)

SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)

DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)

DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (ui11drdr) -- C:\Windows\SysNative\drivers\ui11drdr.SYS (1&1 Internet AG)

DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)

DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)

DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)

DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)

DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)

DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\googlebar@google.com: C:\Users\JoeCool\AppData\Roaming\Google_Toolbar\Google_Toolbar\1.0.0.0 [2012.06.12 14:47:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\JoeCool\AppData\Roaming\13001.026 [2012.07.17 18:00:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011.04.22 07:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Extensions

[2012.07.21 14:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions

[2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions

[2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

[2012.07.22 14:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.07.22 14:44:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2011.07.19 11:45:01 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES (X86)\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}

[2012.06.20 20:59:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.11.11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

[2012.02.18 08:35:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.18 08:35:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.18 08:35:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.18 08:35:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.18 08:35:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.18 08:35:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: hxxp://www.google.com

CHR - Extension: No name found = C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0\

 

O1 HOSTS File: ([2012.07.23 20:06:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001..\Run: [1&1_1&1 Office-Drive Manager] C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG)

O4 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found

O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found

O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found

O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 7

O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe ()

O9:64bit: - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O15 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209CAB17-3433-4606-BBA1-C77E5434E188}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF772E7-62EB-4A1D-9BD0-AE5DDB4DECB3}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\haufereader - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\haufereader - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

 

MsConfig:64bit - StartUpReg: BlackBerryAutoUpdate - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

MsConfig:64bit - StartUpReg: RayV - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Ad-Aware Service - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SBAMSvc - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MpfService - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Ad-Aware Service - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SBAMSvc - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.23 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\1&1

[2012.07.23 20:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1

[2012.07.23 20:10:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.07.23 19:53:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.07.23 19:53:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.07.23 19:53:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.07.23 19:52:56 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.07.23 19:52:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.07.23 19:46:10 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\JoeCool\Desktop\ComboFix.exe

[2012.07.23 11:23:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\JoeCool\Desktop\esetsmartinstaller_enu.exe

[2012.07.23 07:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware

[2012.07.23 07:37:45 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\Anti-Malware

[2012.07.23 07:24:50 | 139,009,208 | ---- | C] (Emsisoft GmbH                                               ) -- C:\Users\JoeCool\Desktop\EmsisoftAntiMalwareSetup.exe

[2012.07.22 18:43:13 | 000,000,000 | R--D | C] -- C:\Users\JoeCool\Saved Games

[2012.07.22 18:43:12 | 000,000,000 | R--D | C] -- C:\Users\JoeCool\Contacts

[2012.07.22 16:40:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2012.07.22 16:22:56 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012.07.22 14:57:00 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.07.22 09:39:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe

[2012.07.21 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adaware

[2012.07.21 14:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2012.07.21 14:13:38 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys

[2012.07.21 14:13:37 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

[2012.07.21 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012.07.21 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adawarebp

[2012.07.21 14:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012.07.21 14:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb

[2012.07.21 14:09:55 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus

[2012.07.19 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Desktop\MariCon

[2012.07.17 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.026

[2012.07.17 12:52:27 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Skype

[2012.07.17 12:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.07.17 12:51:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012.07.17 12:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.07.17 12:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012.07.14 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.025

[2012.07.13 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.024

[2012.07.12 20:42:42 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.023

[2012.07.12 14:04:59 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.022

[2012.07.12 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\xmldm

[2012.07.12 14:04:30 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\kock

[2012.07.06 12:55:11 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog

[2012.06.27 08:27:05 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Avira

[2012.06.27 08:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.06.27 08:21:27 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2012.06.27 08:21:27 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2012.06.27 08:21:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.06.26 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Temp

[2012.06.26 12:02:02 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys

[2012.06.26 12:02:02 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys

[2012.06.26 12:02:01 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys

[2012.06.26 12:02:01 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys

[2012.06.26 12:02:01 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys

[2012.06.26 11:33:00 | 000,000,000 | ---D | C] -- C:\2c9c9d0d276235ed2517d9b428

[2012.06.25 13:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi-Businessplaner

[2012.06.25 13:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMWi-Businessplaner

[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.23 21:00:38 | 000,000,344 | ---- | M] () -- C:\Windows\lgfwup.ini

[2012.07.23 20:36:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 20:36:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 20:32:59 | 001,867,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.23 20:32:59 | 000,797,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.23 20:32:59 | 000,735,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.23 20:32:59 | 000,185,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.23 20:32:59 | 000,148,698 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.23 20:28:25 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012.07.23 20:27:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.23 20:27:00 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.23 20:06:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012.07.23 19:46:14 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\JoeCool\Desktop\ComboFix.exe

[2012.07.23 11:23:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\JoeCool\Desktop\esetsmartinstaller_enu.exe

[2012.07.23 10:11:51 | 000,005,064 | ---- | M] () -- C:\Users\JoeCool\Desktop\Desktop.zip

[2012.07.23 07:25:51 | 139,009,208 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Users\JoeCool\Desktop\EmsisoftAntiMalwareSetup.exe

[2012.07.22 20:01:03 | 000,190,740 | ---- | M] () -- C:\Users\JoeCool\Desktop\Whisky.jpg

[2012.07.22 18:41:34 | 000,443,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.22 18:13:38 | 001,845,404 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.07.22 15:12:55 | 000,003,152 | ---- | M] () -- C:\Users\JoeCool\Desktop\07222012_145700.zip

[2012.07.22 11:02:56 | 000,036,665 | ---- | M] () -- C:\Users\JoeCool\Desktop\OTL_Logfiles.zip

[2012.07.22 10:39:25 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.22 09:50:32 | 000,632,049 | ---- | M] () -- C:\Users\JoeCool\Desktop\adwcleaner.exe

[2012.07.22 09:39:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe

[2012.07.21 12:03:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2012.07.21 12:03:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2012.07.19 16:10:34 | 002,686,168 | ---- | M] () -- C:\Users\JoeCool\Desktop\Whisky.gif

[2012.07.17 18:10:48 | 000,000,051 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res

[2012.07.17 16:52:52 | 001,269,795 | ---- | M] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf

[2012.07.17 12:51:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.07.14 16:09:00 | 000,000,011 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat

[2012.07.13 23:00:55 | 000,007,030 | ---- | M] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg

[2012.07.05 23:03:34 | 000,028,648 | ---- | M] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg

[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.27 08:21:39 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.06.25 13:07:29 | 000,001,356 | ---- | M] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.07.23 19:53:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.07.23 19:53:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.07.23 19:53:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.07.23 19:53:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.07.23 19:53:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.07.23 10:11:51 | 000,005,064 | ---- | C] () -- C:\Users\JoeCool\Desktop\Desktop.zip

[2012.07.22 20:01:03 | 000,190,740 | ---- | C] () -- C:\Users\JoeCool\Desktop\Whisky.jpg

[2012.07.22 16:38:03 | 001,845,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.07.22 15:12:55 | 000,003,152 | ---- | C] () -- C:\Users\JoeCool\Desktop\07222012_145700.zip

[2012.07.22 11:02:56 | 000,036,665 | ---- | C] () -- C:\Users\JoeCool\Desktop\OTL_Logfiles.zip

[2012.07.22 09:50:26 | 000,632,049 | ---- | C] () -- C:\Users\JoeCool\Desktop\adwcleaner.exe

[2012.07.21 14:13:58 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012.07.19 16:10:33 | 002,686,168 | ---- | C] () -- C:\Users\JoeCool\Desktop\Whisky.gif

[2012.07.17 18:12:51 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.17 16:52:00 | 001,269,795 | ---- | C] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf

[2012.07.17 12:51:54 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.07.14 16:09:00 | 000,000,011 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat

[2012.07.13 23:00:51 | 000,007,030 | ---- | C] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg

[2012.07.12 14:04:50 | 000,000,051 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res

[2012.07.05 23:03:25 | 000,028,648 | ---- | C] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg

[2012.06.27 08:21:39 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.06.25 13:07:29 | 000,001,356 | ---- | C] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk

[2012.06.12 16:29:06 | 000,000,790 | ---- | C] () -- C:\Windows\slog.dll

[2012.06.10 12:17:44 | 000,007,469 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\recently-used.xbel

[2012.06.02 10:45:11 | 000,001,650 | ---- | C] () -- C:\Windows\mozver.dat

[2012.05.28 10:40:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll

[2012.05.12 11:11:41 | 000,038,425 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft Excel 97-2003.ADR

[2012.04.28 10:54:37 | 000,000,039 | ---- | C] () -- C:\Windows\combit.ini

[2012.04.24 14:01:04 | 000,000,277 | ---- | C] () -- C:\Windows\ODBC.INI

[2012.04.24 13:49:28 | 000,350,208 | ---- | C] () -- C:\Windows\SysWow64\EloOpenOffice.dll

[2012.04.24 13:49:28 | 000,163,160 | ---- | C] () -- C:\Windows\SysWow64\ELOComRes.dll

[2012.04.24 13:49:22 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\fteh006n.dll

[2012.04.24 13:45:17 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI

[2012.03.04 12:10:42 | 000,000,782 | ---- | C] () -- C:\Windows\wininit.ini

[2012.01.25 14:49:20 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI

[2012.01.25 14:27:17 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.07.19 10:16:33 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll

[2011.07.19 10:16:33 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

[2011.05.20 08:59:18 | 000,038,441 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Kommagetrennte Werte (Windows).ADR

[2011.05.17 12:28:58 | 000,245,354 | ---- | C] () -- C:\Windows\hpoins19.dat

[2011.05.17 12:28:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2011.05.04 11:04:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2011.05.04 11:04:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2011.04.22 07:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011.04.15 12:34:30 | 000,007,598 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\Resmon.ResmonCfg

[2011.04.07 17:19:01 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini

[2010.12.16 22:29:02 | 000,000,316 | ---- | C] () -- C:\Windows\Jelly.ini

[2010.11.07 11:54:25 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2009.12.25 13:30:39 | 000,006,144 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== LOP Check ==========

 

[2012.07.23 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\1&1

[2012.07.12 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.022

[2012.07.12 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.023

[2012.07.14 07:29:50 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.024

[2012.07.15 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.025

[2012.07.17 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.026

[2012.07.22 12:03:14 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus

[2012.01.01 16:06:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\BitTorrent

[2011.12.03 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Canon

[2012.04.28 10:47:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\combit

[2012.05.11 17:22:02 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DataDesign

[2012.06.07 08:17:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon

[2011.07.19 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Easeware

[2012.05.15 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\elsterformular

[2012.07.06 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog

[2012.06.06 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\FileZilla

[2009.12.26 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GameConsole

[2010.12.16 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GetRightToGo

[2012.04.20 13:00:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\gtk-2.0

[2011.07.19 12:54:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Haufe

[2012.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Hulubulu

[2012.05.13 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\inkscape

[2010.03.07 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\innoPlus

[2012.07.21 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\IrfanView

[2011.04.16 09:03:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\JAM Software

[2012.04.24 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\julitec

[2012.07.12 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kock

[2012.05.20 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\KompoZer

[2012.06.02 10:51:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kompozer.net

[2010.04.01 09:10:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Lexware

[2011.04.02 09:51:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\LG Electronics

[2012.02.04 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Netpas

[2012.05.18 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Nvu

[2011.04.22 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Participatory Culture Foundation

[2011.04.22 07:59:13 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PCF-VLC

[2009.12.25 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PMS

[2011.07.19 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ProtectDisc

[2011.02.13 08:20:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\RayV

[2012.01.24 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Samsung

[2012.05.13 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Scribus

[2012.06.10 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Serif

[2012.06.09 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\SmartTools

[2012.04.18 10:39:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TeamViewer

[2012.06.26 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Temp

[2011.12.11 11:43:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TuneUp Software

[2012.07.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\xmldm

[2012.05.31 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\XMLmind

[2011.12.14 08:32:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.07.23 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\1&1

[2012.07.12 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.022

[2012.07.12 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.023

[2012.07.14 07:29:50 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.024

[2012.07.15 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.025

[2012.07.17 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.026

[2012.07.22 12:03:14 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus

[2012.06.25 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Adobe

[2011.12.25 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Apple Computer

[2012.06.27 08:27:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Avira

[2012.01.01 16:06:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\BitTorrent

[2011.12.03 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Canon

[2012.04.28 10:47:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\combit

[2011.04.07 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\CyberLink

[2012.05.11 17:22:02 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DataDesign

[2012.06.07 08:17:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon

[2011.07.19 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Easeware

[2012.05.15 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\elsterformular

[2012.07.06 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog

[2012.06.06 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\FileZilla

[2009.12.26 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GameConsole

[2010.12.16 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GetRightToGo

[2009.12.09 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Google

[2012.06.12 11:18:33 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Google_Toolbar

[2012.04.20 13:00:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\gtk-2.0

[2011.07.19 12:54:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Haufe

[2011.05.17 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\HP

[2012.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Hulubulu

[2009.12.09 20:06:35 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Identities

[2012.05.13 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\inkscape

[2010.03.07 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\innoPlus

[2010.04.01 09:07:41 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\InstallShield

[2010.02.22 19:57:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Intel

[2011.07.19 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Intel Corporation

[2012.07.21 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\IrfanView

[2011.04.16 09:03:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\JAM Software

[2012.04.24 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\julitec

[2012.07.12 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kock

[2012.05.20 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\KompoZer

[2012.06.02 10:51:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kompozer.net

[2010.04.01 09:10:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Lexware

[2011.04.02 09:51:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\LG Electronics

[2009.12.09 20:07:17 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Macromedia

[2011.12.02 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Malwarebytes

[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Media Center Programs

[2012.06.21 07:48:17 | 000,000,000 | --SD | M] -- C:\Users\JoeCool\AppData\Roaming\Microsoft

[2011.04.22 07:17:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Mozilla

[2010.08.15 12:19:32 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Mozilla-Cache

[2012.02.04 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Netpas

[2012.05.18 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Nvu

[2011.04.22 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Participatory Culture Foundation

[2011.04.22 07:59:13 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PCF-VLC

[2009.12.25 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PMS

[2011.07.19 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ProtectDisc

[2011.02.13 08:20:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\RayV

[2012.01.24 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Samsung

[2012.05.13 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Scribus

[2012.06.10 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Serif

[2012.07.22 14:44:59 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Skype

[2012.06.09 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\SmartTools

[2012.04.18 10:39:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TeamViewer

[2012.06.26 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Temp

[2011.12.11 11:43:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TuneUp Software

[2010.02.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\WinRAR

[2012.07.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\xmldm

[2012.05.31 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\XMLmind

[2012.01.25 14:59:24 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ZoomBrowser EX

 
 < %APPDATA%\*.exe /s >

[2012.01.25 14:27:14 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe

[2011.07.19 09:28:17 | 001,488,632 | ---- | M] (Packard Bell B.V.                                           ) -- C:\Users\JoeCool\AppData\Roaming\Easeware\DriverEasy\drivers\zxn35q1l.mhb\NF750i_Chipset_Vista64_v9.60.exe

[2009.06.04 13:51:24 | 001,413,256 | R--- | M] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Templates\D\USBAutoRun.exe

[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Templates\D\tools\LGSetCDROMAutoRun.exe

[2012.04.11 22:08:20 | 000,255,376 | ---- | M] (Visicom Media Inc.) -- C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe

[2012.04.11 22:08:20 | 000,255,376 | ---- | M] (Visicom Media Inc.) -- C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe

[2012.02.25 10:20:17 | 000,106,408 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe

[2012.02.25 10:20:17 | 000,101,288 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe

[2012.02.25 10:20:18 | 000,021,416 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe

[2012.02.22 07:57:00 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe

[2012.02.22 07:57:04 | 000,278,928 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe

[2012.02.01 10:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe

[2012.02.22 07:57:02 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe

[2011.12.23 21:59:48 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe

[2012.01.31 11:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe

[2012.01.31 11:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe

[2012.02.22 07:57:06 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe

[2012.02.25 10:20:17 | 000,106,408 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe

[2012.02.25 10:20:17 | 000,101,288 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe

[2012.02.22 07:57:10 | 000,131,984 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe

[2012.02.25 10:20:18 | 000,021,416 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe

[2012.02.22 07:57:12 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe

[2011.12.23 21:58:10 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe

[2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe

[2012.06.08 13:02:14 | 000,371,128 | ---- | M] (ml) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Users\JoeCool\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110719T081044360817\pci\ven_8086&dev_2929&cc_0106\iaStor.sys

[2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Users\JoeCool\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110719T082719517489\pci\ven_8086&dev_2929&cc_0106\iaStor.sys

[2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys

[2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: NVSTOR32.SYS  >

[2008.02.11 20:00:46 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\Drivers\Chipset_9.60\nvstor32.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Ja, wir sind bald durch :)

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL
 

:Files
 

C:\Users\JoeCool\AppData\Roaming\kock
 

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Moin John,

Unten das neue Log.
Was mir aufgefallen ist:
- Rechner startet deutlich schneller
- Nach Neustart wollen "Aplle Applications (I-Tunes), LG (externes DVD) und Office Drive (Cloud Services) immer neue Treiber installieren. Hab das mal zugelassen, kommt aber nach jedem neustart wieder. Bzw. bei Apple kommt, das ich Itunes deinstallieren und dann neu installieren soll.

Code:

All processes killed

========== OTL ==========

========== FILES ==========

C:\Users\JoeCool\AppData\Roaming\kock folder moved successfully.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\JoeCool\Desktop\cmd.bat deleted successfully.

C:\Users\JoeCool\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Hanni

->Temp folder emptied: 0 bytes

 

User: JoeCool

->Temp folder emptied: 184410 bytes

->Temporary Internet Files folder emptied: 65950 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 62093392 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1115 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2947 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 59,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Hanni

 

User: JoeCool

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.54.0 log created on 07242012_074645
 

Files\Folders moved on Reboot...

C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...

File C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
 

Registry entries deleted on Reboot...

Moin John,
wie gehts denn weiter?

Apple kannst du re-installieren.

TDSSKiller von Kaspersky

- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.

Hier findest Du eine ausführlichere TDSSKiller Anleitung.

Moin!

also meine Screens bei TDSS sehen etwas anders aus als in der Anleitung und nach Neustart wurde ich auch nicht gefragt.

Hier das LOG:

Code:

08:19:27.0378 1964        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

08:19:27.0596 1964        ============================================================

08:19:27.0596 1964        Current date / time: 2012/07/25 08:19:27.0596

08:19:27.0596 1964        SystemInfo:

08:19:27.0596 1964        

08:19:27.0596 1964        OS Version: 6.1.7601 ServicePack: 1.0

08:19:27.0596 1964        Product type: Workstation

08:19:27.0596 1964        ComputerName: ACER-NETBOOK

08:19:27.0596 1964        UserName: JoeCool

08:19:27.0596 1964        Windows directory: C:\Windows

08:19:27.0596 1964        System windows directory: C:\Windows

08:19:27.0596 1964        Running under WOW64

08:19:27.0596 1964        Processor architecture: Intel x64

08:19:27.0596 1964        Number of processors: 2

08:19:27.0596 1964        Page size: 0x1000

08:19:27.0596 1964        Boot type: Normal boot

08:19:27.0596 1964        ============================================================

08:19:29.0562 1964        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:19:29.0624 1964        Drive \Device\Harddisk1\DR1 - Size: 0x1E0F00000 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

08:19:29.0624 1964        ============================================================

08:19:29.0624 1964        \Device\Harddisk0\DR0:

08:19:29.0624 1964        MBR partitions:

08:19:29.0624 1964        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000

08:19:29.0624 1964        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x1B992800

08:19:29.0624 1964        \Device\Harddisk1\DR1:

08:19:29.0624 1964        MBR partitions:

08:19:29.0624 1964        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xF05800

08:19:29.0624 1964        ============================================================

08:19:29.0734 1964        C: <-> \Device\Harddisk0\DR0\Partition1

08:19:29.0734 1964        ============================================================

08:19:29.0734 1964        Initialize success

08:19:29.0734 1964        ============================================================

08:19:58.0001 5428        ============================================================

08:19:58.0001 5428        Scan started

08:19:58.0001 5428        Mode: Manual; 

08:19:58.0001 5428        ============================================================

08:20:00.0996 5428        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:20:01.0012 5428        1394ohci - ok

08:20:01.0074 5428        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:20:01.0090 5428        ACPI - ok

08:20:01.0136 5428        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:20:01.0136 5428        AcpiPmi - ok

08:20:01.0277 5428        Ad-Aware Service (af9658974154c3b6a333d86dc2e0aac8) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

08:20:01.0324 5428        Ad-Aware Service - ok

08:20:01.0495 5428        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

08:20:01.0511 5428        AdobeFlashPlayerUpdateSvc - ok

08:20:01.0667 5428        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

08:20:01.0682 5428        adp94xx - ok

08:20:01.0745 5428        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

08:20:01.0745 5428        adpahci - ok

08:20:01.0792 5428        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

08:20:01.0792 5428        adpu320 - ok

08:20:01.0823 5428        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:20:01.0823 5428        AeLookupSvc - ok

08:20:01.0901 5428        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:20:01.0916 5428        AFD - ok

08:20:01.0979 5428        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:20:01.0979 5428        agp440 - ok

08:20:02.0010 5428        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:20:02.0026 5428        ALG - ok

08:20:02.0041 5428        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:20:02.0057 5428        aliide - ok

08:20:02.0057 5428        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:20:02.0072 5428        amdide - ok

08:20:02.0104 5428        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

08:20:02.0119 5428        AmdK8 - ok

08:20:02.0135 5428        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

08:20:02.0135 5428        AmdPPM - ok

08:20:02.0182 5428        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

08:20:02.0182 5428        amdsata - ok

08:20:02.0244 5428        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

08:20:02.0260 5428        amdsbs - ok

08:20:02.0275 5428        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

08:20:02.0275 5428        amdxata - ok

08:20:02.0338 5428        AMPPAL          (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys

08:20:02.0353 5428        AMPPAL - ok

08:20:02.0369 5428        AMPPALP         (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys

08:20:02.0369 5428        AMPPALP - ok

08:20:02.0587 5428        AMPPALR3        (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

08:20:02.0634 5428        AMPPALR3 - ok

08:20:02.0790 5428        AmUStor         (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS

08:20:02.0790 5428        AmUStor - ok

08:20:02.0915 5428        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

08:20:02.0930 5428        AntiVirSchedulerService - ok

08:20:02.0977 5428        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

08:20:02.0977 5428        AntiVirService - ok

08:20:03.0040 5428        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

08:20:03.0040 5428        AppID - ok

08:20:03.0071 5428        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

08:20:03.0086 5428        AppIDSvc - ok

08:20:03.0118 5428        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

08:20:03.0118 5428        Appinfo - ok

08:20:03.0180 5428        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

08:20:03.0180 5428        arc - ok

08:20:03.0196 5428        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

08:20:03.0196 5428        arcsas - ok

08:20:03.0289 5428        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

08:20:03.0336 5428        aspnet_state - ok

08:20:03.0367 5428        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

08:20:03.0367 5428        AsyncMac - ok

08:20:03.0414 5428        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

08:20:03.0414 5428        atapi - ok

08:20:03.0508 5428        athr            (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys

08:20:03.0586 5428        athr - ok

08:20:03.0773 5428        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:20:03.0820 5428        AudioEndpointBuilder - ok

08:20:03.0835 5428        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:20:03.0835 5428        AudioSrv - ok

08:20:03.0913 5428        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

08:20:03.0913 5428        avgntflt - ok

08:20:03.0960 5428        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

08:20:03.0976 5428        avipbb - ok

08:20:03.0991 5428        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

08:20:03.0991 5428        avkmgr - ok

08:20:04.0054 5428        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

08:20:04.0069 5428        AxInstSV - ok

08:20:04.0132 5428        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

08:20:04.0163 5428        b06bdrv - ok

08:20:04.0225 5428        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

08:20:04.0241 5428        b57nd60a - ok

08:20:04.0272 5428        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

08:20:04.0272 5428        BDESVC - ok

08:20:04.0288 5428        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

08:20:04.0303 5428        Beep - ok

08:20:04.0381 5428        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

08:20:04.0412 5428        BFE - ok

08:20:04.0459 5428        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

08:20:04.0537 5428        BITS - ok

08:20:04.0600 5428        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

08:20:04.0600 5428        blbdrive - ok

08:20:04.0693 5428        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

08:20:04.0724 5428        Bonjour Service - ok

08:20:04.0771 5428        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

08:20:04.0771 5428        bowser - ok

08:20:04.0802 5428        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

08:20:04.0818 5428        BrFiltLo - ok

08:20:04.0834 5428        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

08:20:04.0834 5428        BrFiltUp - ok

08:20:04.0880 5428        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

08:20:04.0880 5428        BridgeMP - ok

08:20:04.0927 5428        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

08:20:04.0927 5428        Browser - ok

08:20:04.0974 5428        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

08:20:04.0990 5428        Brserid - ok

08:20:05.0005 5428        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

08:20:05.0005 5428        BrSerWdm - ok

08:20:05.0021 5428        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

08:20:05.0036 5428        BrUsbMdm - ok

08:20:05.0036 5428        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

08:20:05.0052 5428        BrUsbSer - ok

08:20:05.0083 5428        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

08:20:05.0083 5428        BthEnum - ok

08:20:05.0114 5428        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

08:20:05.0114 5428        BTHMODEM - ok

08:20:05.0130 5428        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

08:20:05.0130 5428        BthPan - ok

08:20:05.0192 5428        BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

08:20:05.0224 5428        BTHPORT - ok

08:20:05.0255 5428        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

08:20:05.0255 5428        bthserv - ok

08:20:05.0395 5428        BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

08:20:05.0395 5428        BTHSSecurityMgr - ok

08:20:05.0442 5428        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

08:20:05.0442 5428        BTHUSB - ok

08:20:05.0458 5428        catchme - ok

08:20:05.0489 5428        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

08:20:05.0489 5428        cdfs - ok

08:20:05.0551 5428        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

08:20:05.0551 5428        cdrom - ok

08:20:05.0582 5428        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:20:05.0598 5428        CertPropSvc - ok

08:20:05.0645 5428        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

08:20:05.0645 5428        circlass - ok

08:20:05.0676 5428        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

08:20:05.0692 5428        CLFS - ok

08:20:05.0770 5428        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:20:05.0770 5428        clr_optimization_v2.0.50727_32 - ok

08:20:05.0801 5428        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

08:20:05.0816 5428        clr_optimization_v2.0.50727_64 - ok

08:20:05.0894 5428        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:20:06.0066 5428        clr_optimization_v4.0.30319_32 - ok

08:20:06.0128 5428        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

08:20:06.0269 5428        clr_optimization_v4.0.30319_64 - ok

08:20:06.0300 5428        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

08:20:06.0316 5428        CmBatt - ok

08:20:06.0347 5428        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

08:20:06.0347 5428        cmdide - ok

08:20:06.0394 5428        CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

08:20:06.0409 5428        CNG - ok

08:20:06.0440 5428        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

08:20:06.0440 5428        Compbatt - ok

08:20:06.0487 5428        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

08:20:06.0487 5428        CompositeBus - ok

08:20:06.0503 5428        COMSysApp - ok

08:20:06.0596 5428        cpudrv64        (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys

08:20:06.0596 5428        cpudrv64 - ok

08:20:06.0612 5428        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

08:20:06.0612 5428        crcdisk - ok

08:20:06.0674 5428        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

08:20:06.0674 5428        CryptSvc - ok

08:20:06.0737 5428        DBService       (48297bf3339bc56dd7d7524d7a1740aa) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe

08:20:06.0752 5428        DBService - ok

08:20:06.0830 5428        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:20:06.0862 5428        DcomLaunch - ok

08:20:06.0908 5428        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

08:20:06.0924 5428        defragsvc - ok

08:20:06.0955 5428        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

08:20:06.0971 5428        DfsC - ok

08:20:07.0018 5428        dgderdrv        (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys

08:20:07.0018 5428        dgderdrv - ok

08:20:07.0049 5428        dgdersvc        (bc3c53000adcd440f1b23e46dac302ef) C:\Windows\system32\dgdersvc.exe

08:20:07.0049 5428        dgdersvc - ok

08:20:07.0127 5428        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

08:20:07.0142 5428        Dhcp - ok

08:20:07.0158 5428        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

08:20:07.0174 5428        discache - ok

08:20:07.0205 5428        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

08:20:07.0205 5428        Disk - ok

08:20:07.0330 5428        DKbFltr         (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys

08:20:07.0330 5428        DKbFltr - ok

08:20:07.0376 5428        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

08:20:07.0376 5428        Dnscache - ok

08:20:07.0439 5428        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

08:20:07.0454 5428        dot3svc - ok

08:20:07.0501 5428        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

08:20:07.0501 5428        Dot4 - ok

08:20:07.0548 5428        Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys

08:20:07.0548 5428        Dot4Print - ok

08:20:07.0564 5428        dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

08:20:07.0579 5428        dot4usb - ok

08:20:07.0626 5428        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

08:20:07.0626 5428        DPS - ok

08:20:07.0657 5428        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

08:20:07.0673 5428        drmkaud - ok

08:20:07.0751 5428        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

08:20:07.0798 5428        DXGKrnl - ok

08:20:07.0829 5428        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

08:20:07.0829 5428        EapHost - ok

08:20:08.0000 5428        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

08:20:08.0110 5428        ebdrv - ok

08:20:08.0219 5428        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

08:20:08.0219 5428        EFS - ok

08:20:08.0297 5428        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

08:20:08.0328 5428        ehRecvr - ok

08:20:08.0359 5428        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

08:20:08.0359 5428        ehSched - ok

08:20:08.0437 5428        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

08:20:08.0453 5428        elxstor - ok

08:20:08.0578 5428        ePowerSvc       (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

08:20:08.0609 5428        ePowerSvc - ok

08:20:08.0734 5428        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

08:20:08.0734 5428        ErrDev - ok

08:20:08.0812 5428        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

08:20:08.0843 5428        EventSystem - ok

08:20:09.0014 5428        EvtEng          (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

08:20:09.0061 5428        EvtEng - ok

08:20:09.0170 5428        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

08:20:09.0170 5428        exfat - ok

08:20:09.0202 5428        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

08:20:09.0217 5428        fastfat - ok

08:20:09.0295 5428        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

08:20:09.0326 5428        Fax - ok

08:20:09.0358 5428        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

08:20:09.0358 5428        fdc - ok

08:20:09.0389 5428        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

08:20:09.0404 5428        fdPHost - ok

08:20:09.0420 5428        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

08:20:09.0420 5428        FDResPub - ok

08:20:09.0436 5428        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

08:20:09.0451 5428        FileInfo - ok

08:20:09.0467 5428        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

08:20:09.0467 5428        Filetrace - ok

08:20:09.0482 5428        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

08:20:09.0482 5428        flpydisk - ok

08:20:09.0545 5428        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

08:20:09.0560 5428        FltMgr - ok

08:20:09.0638 5428        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

08:20:09.0670 5428        FontCache - ok

08:20:09.0732 5428        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

08:20:09.0748 5428        FontCache3.0.0.0 - ok

08:20:09.0794 5428        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

08:20:09.0794 5428        FsDepends - ok

08:20:09.0841 5428        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

08:20:09.0841 5428        Fs_Rec - ok

08:20:09.0888 5428        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

08:20:09.0904 5428        fvevol - ok

08:20:09.0919 5428        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

08:20:09.0919 5428        gagp30kx - ok

08:20:09.0982 5428        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

08:20:09.0982 5428        GEARAspiWDM - ok

08:20:10.0044 5428        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

08:20:10.0091 5428        gpsvc - ok

08:20:10.0200 5428        Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

08:20:10.0247 5428        Greg_Service - ok

08:20:10.0356 5428        gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

08:20:10.0356 5428        gupdate - ok

08:20:10.0372 5428        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

08:20:10.0387 5428        gupdatem - ok

08:20:10.0434 5428        gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

08:20:10.0450 5428        gusvc - ok

08:20:10.0590 5428        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

08:20:10.0590 5428        hcw85cir - ok

08:20:10.0652 5428        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

08:20:10.0684 5428        HdAudAddService - ok

08:20:10.0730 5428        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

08:20:10.0746 5428        HDAudBus - ok

08:20:10.0762 5428        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

08:20:10.0762 5428        HidBatt - ok

08:20:10.0777 5428        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

08:20:10.0793 5428        HidBth - ok

08:20:10.0793 5428        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

08:20:10.0808 5428        HidIr - ok

08:20:10.0824 5428        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

08:20:10.0824 5428        hidserv - ok

08:20:10.0902 5428        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

08:20:10.0902 5428        HidUsb - ok

08:20:10.0964 5428        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

08:20:10.0964 5428        hkmsvc - ok

08:20:11.0011 5428        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

08:20:11.0042 5428        HomeGroupListener - ok

08:20:11.0089 5428        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

08:20:11.0105 5428        HomeGroupProvider - ok

08:20:11.0152 5428        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

08:20:11.0152 5428        HpSAMD - ok

08:20:11.0323 5428        HPSLPSVC        (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

08:20:11.0370 5428        HPSLPSVC - ok

08:20:11.0448 5428        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

08:20:11.0479 5428        HTTP - ok

08:20:11.0526 5428        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

08:20:11.0526 5428        hwpolicy - ok

08:20:11.0589 5428        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

08:20:11.0589 5428        i8042prt - ok

08:20:11.0635 5428        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys

08:20:11.0635 5428        iaStor - ok

08:20:11.0745 5428        IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

08:20:11.0745 5428        IAStorDataMgrSvc - ok

08:20:11.0807 5428        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

08:20:11.0823 5428        iaStorV - ok

08:20:11.0932 5428        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

08:20:11.0932 5428        IDriverT - ok

08:20:12.0041 5428        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

08:20:12.0103 5428        idsvc - ok

08:20:12.0525 5428        igfx            (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys

08:20:12.0712 5428        igfx - ok

08:20:12.0837 5428        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

08:20:12.0852 5428        iirsp - ok

08:20:12.0961 5428        IJPLMSVC        (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

08:20:12.0961 5428        IJPLMSVC - ok

08:20:13.0039 5428        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

08:20:13.0086 5428        IKEEXT - ok

08:20:13.0164 5428        int15.sys       (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys

08:20:13.0180 5428        int15.sys - ok

08:20:13.0367 5428        IntcAzAudAddService (404561d4ee0cae109379a40247046b03) C:\Windows\system32\drivers\RTKVHD64.sys

08:20:13.0476 5428        IntcAzAudAddService - ok

08:20:13.0617 5428        IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys

08:20:13.0617 5428        IntcHdmiAddService - ok

08:20:13.0663 5428        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

08:20:13.0663 5428        intelide - ok

08:20:13.0695 5428        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

08:20:13.0695 5428        intelppm - ok

08:20:13.0741 5428        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

08:20:13.0741 5428        IPBusEnum - ok

08:20:13.0773 5428        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:20:13.0788 5428        IpFilterDriver - ok

08:20:13.0835 5428        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

08:20:13.0866 5428        iphlpsvc - ok

08:20:13.0913 5428        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

08:20:13.0913 5428        IPMIDRV - ok

08:20:13.0944 5428        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

08:20:13.0960 5428        IPNAT - ok

08:20:14.0053 5428        iPod Service    (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe

08:20:14.0100 5428        iPod Service - ok

08:20:14.0131 5428        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

08:20:14.0131 5428        IRENUM - ok

08:20:14.0163 5428        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

08:20:14.0163 5428        isapnp - ok

08:20:14.0225 5428        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

08:20:14.0241 5428        iScsiPrt - ok

08:20:14.0256 5428        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

08:20:14.0256 5428        kbdclass - ok

08:20:14.0287 5428        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

08:20:14.0287 5428        kbdhid - ok

08:20:14.0334 5428        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:20:14.0334 5428        KeyIso - ok

08:20:14.0350 5428        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

08:20:14.0350 5428        KSecDD - ok

08:20:14.0381 5428        KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

08:20:14.0381 5428        KSecPkg - ok

08:20:14.0428 5428        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

08:20:14.0428 5428        ksthunk - ok

08:20:14.0475 5428        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

08:20:14.0506 5428        KtmRm - ok

08:20:14.0537 5428        L1C             (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys

08:20:14.0537 5428        L1C - ok

08:20:14.0599 5428        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

08:20:14.0615 5428        LanmanServer - ok

08:20:14.0662 5428        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

08:20:14.0677 5428        LanmanWorkstation - ok

08:20:14.0724 5428        Lbd - ok

08:20:14.0740 5428        LgBttPort - ok

08:20:14.0755 5428        lgbusenum - ok

08:20:14.0755 5428        LGVMODEM - ok

08:20:14.0802 5428        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

08:20:14.0818 5428        lltdio - ok

08:20:14.0849 5428        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

08:20:14.0865 5428        lltdsvc - ok

08:20:14.0896 5428        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

08:20:14.0896 5428        lmhosts - ok

08:20:14.0927 5428        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

08:20:14.0927 5428        LSI_FC - ok

08:20:14.0958 5428        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

08:20:14.0974 5428        LSI_SAS - ok

08:20:14.0989 5428        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

08:20:14.0989 5428        LSI_SAS2 - ok

08:20:15.0021 5428        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

08:20:15.0021 5428        LSI_SCSI - ok

08:20:15.0052 5428        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

08:20:15.0067 5428        luafv - ok

08:20:15.0099 5428        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

08:20:15.0099 5428        Mcx2Svc - ok

08:20:15.0145 5428        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

08:20:15.0145 5428        megasas - ok

08:20:15.0192 5428        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

08:20:15.0208 5428        MegaSR - ok

08:20:15.0286 5428        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

08:20:15.0286 5428        Microsoft Office Groove Audit Service - ok

08:20:15.0317 5428        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:20:15.0317 5428        MMCSS - ok

08:20:15.0348 5428        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

08:20:15.0348 5428        Modem - ok

08:20:15.0379 5428        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

08:20:15.0395 5428        monitor - ok

08:20:15.0442 5428        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

08:20:15.0442 5428        mouclass - ok

08:20:15.0457 5428        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

08:20:15.0473 5428        mouhid - ok

08:20:15.0504 5428        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

08:20:15.0504 5428        mountmgr - ok

08:20:15.0598 5428        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

08:20:15.0598 5428        MozillaMaintenance - ok

08:20:15.0645 5428        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

08:20:15.0645 5428        mpio - ok

08:20:15.0676 5428        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

08:20:15.0676 5428        mpsdrv - ok

08:20:15.0754 5428        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

08:20:15.0785 5428        MpsSvc - ok

08:20:15.0832 5428        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

08:20:15.0832 5428        MRxDAV - ok

08:20:15.0879 5428        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:20:15.0894 5428        mrxsmb - ok

08:20:15.0941 5428        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:20:15.0957 5428        mrxsmb10 - ok

08:20:15.0972 5428        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:20:15.0972 5428        mrxsmb20 - ok

08:20:16.0003 5428        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

08:20:16.0019 5428        msahci - ok

08:20:16.0050 5428        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

08:20:16.0050 5428        msdsm - ok

08:20:16.0097 5428        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

08:20:16.0097 5428        MSDTC - ok

08:20:16.0159 5428        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

08:20:16.0159 5428        Msfs - ok

08:20:16.0253 5428        msftesql$COMBIT_CRM (54819fc5c79e4b2c6e896f9de440494d) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

08:20:16.0269 5428        msftesql$COMBIT_CRM - ok

08:20:16.0284 5428        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

08:20:16.0284 5428        mshidkmdf - ok

08:20:16.0331 5428        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

08:20:16.0331 5428        msisadrv - ok

08:20:16.0378 5428        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

08:20:16.0378 5428        MSiSCSI - ok

08:20:16.0393 5428        msiserver - ok

08:20:16.0440 5428        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

08:20:16.0440 5428        MSKSSRV - ok

08:20:16.0440 5428        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

08:20:16.0440 5428        MSPCLOCK - ok

08:20:16.0456 5428        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

08:20:16.0456 5428        MSPQM - ok

08:20:16.0518 5428        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

08:20:16.0534 5428        MsRPC - ok

08:20:16.0581 5428        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

08:20:16.0581 5428        mssmbios - ok

08:20:16.0596 5428        MSSQL$COMBIT_CRM - ok

08:20:16.0659 5428        MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe

08:20:16.0659 5428        MSSQLServerADHelper - ok

08:20:16.0690 5428        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

08:20:16.0690 5428        MSTEE - ok

08:20:16.0705 5428        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

08:20:16.0705 5428        MTConfig - ok

08:20:16.0737 5428        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

08:20:16.0737 5428        Mup - ok

08:20:16.0768 5428        mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

08:20:16.0768 5428        mwlPSDFilter - ok

08:20:16.0799 5428        mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

08:20:16.0799 5428        mwlPSDNServ - ok

08:20:16.0815 5428        mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

08:20:16.0815 5428        mwlPSDVDisk - ok

08:20:16.0893 5428        MWLService      (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

08:20:16.0908 5428        MWLService - ok

08:20:16.0971 5428        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

08:20:16.0986 5428        napagent - ok

08:20:17.0049 5428        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

08:20:17.0064 5428        NativeWifiP - ok

08:20:17.0158 5428        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

08:20:17.0205 5428        NDIS - ok

08:20:17.0251 5428        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

08:20:17.0251 5428        NdisCap - ok

08:20:17.0283 5428        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

08:20:17.0283 5428        NdisTapi - ok

08:20:17.0329 5428        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

08:20:17.0345 5428        Ndisuio - ok

08:20:17.0392 5428        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

08:20:17.0392 5428        NdisWan - ok

08:20:17.0423 5428        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

08:20:17.0439 5428        NDProxy - ok

08:20:17.0501 5428        Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll

08:20:17.0501 5428        Net Driver HPZ12 - ok

08:20:17.0532 5428        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

08:20:17.0548 5428        NetBIOS - ok

08:20:17.0595 5428        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

08:20:17.0610 5428        NetBT - ok

08:20:17.0641 5428        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:20:17.0641 5428        Netlogon - ok

08:20:17.0688 5428        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

08:20:17.0719 5428        Netman - ok

08:20:17.0797 5428        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

08:20:17.0813 5428        NetMsmqActivator - ok

08:20:17.0829 5428        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

08:20:17.0829 5428        NetPipeActivator - ok

08:20:17.0875 5428        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

08:20:17.0907 5428        netprofm - ok

08:20:18.0016 5428        netr28ux        (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys

08:20:18.0078 5428        netr28ux - ok

08:20:18.0156 5428        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

08:20:18.0156 5428        NetTcpActivator - ok

08:20:18.0156 5428        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

08:20:18.0156 5428        NetTcpPortSharing - ok

08:20:18.0187 5428        NETw1v64 - ok

08:20:18.0546 5428        NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

08:20:18.0718 5428        NETw5s64 - ok

08:20:19.0264 5428        NETwNs64        (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys

08:20:19.0498 5428        NETwNs64 - ok

08:20:19.0623 5428        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

08:20:19.0638 5428        nfrd960 - ok

08:20:19.0685 5428        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

08:20:19.0701 5428        NlaSvc - ok

08:20:19.0716 5428        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

08:20:19.0732 5428        Npfs - ok

08:20:19.0747 5428        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

08:20:19.0747 5428        nsi - ok

08:20:19.0779 5428        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

08:20:19.0779 5428        nsiproxy - ok

08:20:19.0903 5428        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

08:20:19.0950 5428        Ntfs - ok

08:20:20.0059 5428        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

08:20:20.0059 5428        Null - ok

08:20:20.0091 5428        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

08:20:20.0091 5428        nvraid - ok

08:20:20.0122 5428        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

08:20:20.0122 5428        nvstor - ok

08:20:20.0169 5428        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

08:20:20.0184 5428        nv_agp - ok

08:20:20.0293 5428        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:20:20.0325 5428        odserv - ok

08:20:20.0356 5428        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

08:20:20.0356 5428        ohci1394 - ok

08:20:20.0434 5428        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:20:20.0434 5428        ose - ok

08:20:20.0496 5428        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:20:20.0512 5428        p2pimsvc - ok

08:20:20.0543 5428        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

08:20:20.0574 5428        p2psvc - ok

08:20:20.0621 5428        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

08:20:20.0621 5428        Parport - ok

08:20:20.0637 5428        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

08:20:20.0652 5428        partmgr - ok

08:20:20.0668 5428        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

08:20:20.0668 5428        PcaSvc - ok

08:20:20.0730 5428        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

08:20:20.0730 5428        pci - ok

08:20:20.0746 5428        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

08:20:20.0746 5428        pciide - ok

08:20:20.0793 5428        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

08:20:20.0808 5428        pcmcia - ok

08:20:20.0824 5428        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

08:20:20.0839 5428        pcw - ok

08:20:20.0871 5428        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

08:20:20.0902 5428        PEAUTH - ok

08:20:20.0964 5428        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

08:20:20.0964 5428        PerfHost - ok

08:20:21.0073 5428        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

08:20:21.0120 5428        pla - ok

08:20:21.0198 5428        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

08:20:21.0214 5428        PlugPlay - ok

08:20:21.0307 5428        Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll

08:20:21.0307 5428        Pml Driver HPZ12 - ok

08:20:21.0339 5428        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

08:20:21.0339 5428        PNRPAutoReg - ok

08:20:21.0370 5428        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:20:21.0370 5428        PNRPsvc - ok

08:20:21.0432 5428        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

08:20:21.0463 5428        PolicyAgent - ok

08:20:21.0495 5428        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

08:20:21.0495 5428        Power - ok

08:20:21.0573 5428        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

08:20:21.0573 5428        PptpMiniport - ok

08:20:21.0604 5428        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

08:20:21.0604 5428        Processor - ok

08:20:21.0651 5428        ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

08:20:21.0666 5428        ProfSvc - ok

08:20:21.0697 5428        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:20:21.0697 5428        ProtectedStorage - ok

08:20:21.0760 5428        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

08:20:21.0760 5428        Psched - ok

08:20:21.0853 5428        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

08:20:21.0916 5428        ql2300 - ok

08:20:22.0025 5428        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

08:20:22.0025 5428        ql40xx - ok

08:20:22.0072 5428        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

08:20:22.0087 5428        QWAVE - ok

08:20:22.0087 5428        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

08:20:22.0103 5428        QWAVEdrv - ok

08:20:22.0119 5428        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

08:20:22.0119 5428        RasAcd - ok

08:20:22.0150 5428        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

08:20:22.0165 5428        RasAgileVpn - ok

08:20:22.0290 5428        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

08:20:22.0290 5428        RasAuto - ok

08:20:22.0337 5428        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:20:22.0337 5428        Rasl2tp - ok

08:20:22.0399 5428        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

08:20:22.0431 5428        RasMan - ok

08:20:22.0462 5428        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

08:20:22.0462 5428        RasPppoe - ok

08:20:22.0477 5428        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

08:20:22.0477 5428        RasSstp - ok

08:20:22.0524 5428        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

08:20:22.0540 5428        rdbss - ok

08:20:22.0571 5428        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

08:20:22.0571 5428        rdpbus - ok

08:20:22.0587 5428        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:20:22.0587 5428        RDPCDD - ok

08:20:22.0633 5428        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

08:20:22.0633 5428        RDPENCDD - ok

08:20:22.0649 5428        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

08:20:22.0649 5428        RDPREFMP - ok

08:20:22.0680 5428        RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

08:20:22.0680 5428        RDPWD - ok

08:20:22.0743 5428        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

08:20:22.0743 5428        rdyboost - ok

08:20:22.0914 5428        RegSrvc         (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

08:20:22.0945 5428        RegSrvc - ok

08:20:22.0977 5428        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

08:20:22.0992 5428        RemoteAccess - ok

08:20:23.0008 5428        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

08:20:23.0023 5428        RemoteRegistry - ok

08:20:23.0101 5428        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

08:20:23.0101 5428        RFCOMM - ok

08:20:23.0133 5428        RimUsb - ok

08:20:23.0211 5428        RimVSerPort     (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

08:20:23.0211 5428        RimVSerPort - ok

08:20:23.0242 5428        ROOTMODEM       (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

08:20:23.0242 5428        ROOTMODEM - ok

08:20:23.0289 5428        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

08:20:23.0289 5428        RpcEptMapper - ok

08:20:23.0320 5428        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

08:20:23.0320 5428        RpcLocator - ok

08:20:23.0382 5428        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:20:23.0398 5428        RpcSs - ok

08:20:23.0429 5428        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

08:20:23.0429 5428        rspndr - ok

08:20:23.0523 5428        RS_Service      (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe

08:20:23.0538 5428        RS_Service - ok

08:20:23.0585 5428        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:20:23.0585 5428        SamSs - ok

08:20:23.0803 5428        SBAMSvc         (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

08:20:23.0819 5428        SBAMSvc - ok

08:20:23.0975 5428        sbapifs         (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys

08:20:23.0975 5428        sbapifs - ok

08:20:24.0006 5428        sbhips          (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys

08:20:24.0022 5428        sbhips - ok

08:20:24.0053 5428        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

08:20:24.0053 5428        sbp2port - ok

08:20:24.0100 5428        SBRE            (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys

08:20:24.0100 5428        SBRE - ok

08:20:24.0271 5428        SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

08:20:24.0303 5428        SBSDWSCService - ok

08:20:24.0349 5428        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

08:20:24.0349 5428        SCardSvr - ok

08:20:24.0427 5428        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

08:20:24.0427 5428        scfilter - ok

08:20:24.0505 5428        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

08:20:24.0537 5428        Schedule - ok

08:20:24.0583 5428        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:20:24.0583 5428        SCPolicySvc - ok

08:20:24.0630 5428        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

08:20:24.0630 5428        SDRSVC - ok

08:20:24.0708 5428        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

08:20:24.0708 5428        secdrv - ok

08:20:24.0755 5428        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

08:20:24.0755 5428        seclogon - ok

08:20:24.0786 5428        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

08:20:24.0786 5428        SENS - ok

08:20:24.0817 5428        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

08:20:24.0817 5428        SensrSvc - ok

08:20:24.0849 5428        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

08:20:24.0849 5428        Serenum - ok

08:20:24.0880 5428        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

08:20:24.0880 5428        Serial - ok

08:20:24.0911 5428        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

08:20:24.0927 5428        sermouse - ok

08:20:24.0973 5428        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

08:20:24.0989 5428        SessionEnv - ok

08:20:25.0020 5428        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

08:20:25.0020 5428        sffdisk - ok

08:20:25.0051 5428        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

08:20:25.0051 5428        sffp_mmc - ok

08:20:25.0067 5428        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

08:20:25.0083 5428        sffp_sd - ok

08:20:25.0114 5428        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

08:20:25.0114 5428        sfloppy - ok

08:20:25.0207 5428        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

08:20:25.0223 5428        SharedAccess - ok

08:20:25.0285 5428        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

08:20:25.0317 5428        ShellHWDetection - ok

08:20:25.0332 5428        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:20:25.0348 5428        SiSRaid2 - ok

08:20:25.0379 5428        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

08:20:25.0379 5428        SiSRaid4 - ok

08:20:25.0441 5428        SkypeUpdate     (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe

08:20:25.0457 5428        SkypeUpdate - ok

08:20:25.0488 5428        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

08:20:25.0488 5428        Smb - ok

08:20:25.0535 5428        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

08:20:25.0535 5428        SNMPTRAP - ok

08:20:25.0675 5428        SNP2UVC         (f9ee0c3088f7f5306ac6ee67b47e665d) C:\Windows\system32\DRIVERS\snp2uvc.sys

08:20:25.0722 5428        SNP2UVC - ok

08:20:25.0816 5428        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

08:20:25.0816 5428        spldr - ok

08:20:25.0894 5428        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

08:20:25.0909 5428        Spooler - ok

08:20:26.0112 5428        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

08:20:26.0190 5428        sppsvc - ok

08:20:26.0315 5428        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

08:20:26.0331 5428        sppuinotify - ok

08:20:26.0409 5428        SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

08:20:26.0409 5428        SQLBrowser - ok

08:20:26.0502 5428        SQLWriter       (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

08:20:26.0502 5428        SQLWriter - ok

08:20:26.0580 5428        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

08:20:26.0611 5428        srv - ok

08:20:26.0643 5428        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

08:20:26.0658 5428        srv2 - ok

08:20:26.0689 5428        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

08:20:26.0689 5428        srvnet - ok

08:20:26.0736 5428        ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys

08:20:26.0736 5428        ssadbus - ok

08:20:26.0767 5428        ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys

08:20:26.0767 5428        ssadmdfl - ok

08:20:26.0814 5428        ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys

08:20:26.0814 5428        ssadmdm - ok

08:20:26.0861 5428        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

08:20:26.0877 5428        SSDPSRV - ok

08:20:26.0892 5428        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

08:20:26.0892 5428        SstpSvc - ok

08:20:26.0923 5428        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

08:20:26.0923 5428        stexstor - ok

08:20:26.0970 5428        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

08:20:27.0001 5428        stisvc - ok

08:20:27.0048 5428        SWDUMon         (0cd5e2c59264fad184685d2a61ad8473) C:\Windows\system32\DRIVERS\SWDUMon.sys

08:20:27.0048 5428        SWDUMon - ok

08:20:27.0095 5428        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

08:20:27.0095 5428        swenum - ok

08:20:27.0142 5428        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

08:20:27.0157 5428        swprv - ok

08:20:27.0204 5428        SynTP           (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys

08:20:27.0220 5428        SynTP - ok

08:20:27.0329 5428        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

08:20:27.0376 5428        SysMain - ok

08:20:27.0485 5428        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

08:20:27.0485 5428        TabletInputService - ok

08:20:27.0516 5428        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

08:20:27.0547 5428        TapiSrv - ok

08:20:27.0579 5428        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

08:20:27.0579 5428        TBS - ok

08:20:27.0735 5428        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

08:20:27.0797 5428        Tcpip - ok

08:20:28.0000 5428        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

08:20:28.0015 5428        TCPIP6 - ok

08:20:28.0125 5428        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

08:20:28.0125 5428        tcpipreg - ok

08:20:28.0187 5428        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

08:20:28.0187 5428        TDPIPE - ok

08:20:28.0234 5428        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

08:20:28.0234 5428        TDTCP - ok

08:20:28.0296 5428        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

08:20:28.0296 5428        tdx - ok

08:20:28.0343 5428        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

08:20:28.0343 5428        TermDD - ok

08:20:28.0390 5428        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

08:20:28.0421 5428        TermService - ok

08:20:28.0468 5428        TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys

08:20:28.0468 5428        TFsExDisk - ok

08:20:28.0499 5428        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

08:20:28.0499 5428        Themes - ok

08:20:28.0530 5428        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:20:28.0530 5428        THREADORDER - ok

08:20:28.0546 5428        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

08:20:28.0546 5428        TrkWks - ok

08:20:28.0624 5428        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

08:20:28.0639 5428        TrustedInstaller - ok

08:20:28.0671 5428        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:20:28.0686 5428        tssecsrv - ok

08:20:28.0733 5428        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

08:20:28.0733 5428        TsUsbFlt - ok

08:20:28.0920 5428        TuneUp.UtilitiesSvc (6dc7b7342148636c6751d9f7b8aaea91) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

08:20:28.0983 5428        TuneUp.UtilitiesSvc - ok

08:20:29.0029 5428        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

08:20:29.0029 5428        TuneUpUtilitiesDrv - ok

08:20:29.0170 5428        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

08:20:29.0185 5428        tunnel - ok

08:20:29.0279 5428        TVersityMediaServer (06bccb3bf0d06adccc4ebc8ef682dd59) C:\ProgramData\TVersity\Media Server\MediaServer.exe

08:20:29.0326 5428        TVersityMediaServer - ok

08:20:29.0419 5428        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

08:20:29.0419 5428        uagp35 - ok

08:20:29.0466 5428        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

08:20:29.0482 5428        udfs - ok

08:20:29.0529 5428        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

08:20:29.0529 5428        UI0Detect - ok

08:20:29.0575 5428        ui11drdr        (acec7381128e77d3b262c1f8da2e9819) C:\Windows\system32\DRIVERS\ui11drdr.sys

08:20:29.0575 5428        ui11drdr - ok

08:20:29.0622 5428        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

08:20:29.0622 5428        uliagpkx - ok

08:20:29.0653 5428        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

08:20:29.0653 5428        umbus - ok

08:20:29.0685 5428        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

08:20:29.0685 5428        UmPass - ok

08:20:29.0763 5428        Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

08:20:29.0778 5428        Updater Service - ok

08:20:29.0825 5428        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

08:20:29.0841 5428        upnphost - ok

08:20:29.0872 5428        usbbus          (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys

08:20:29.0872 5428        usbbus - ok

08:20:29.0903 5428        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

08:20:29.0903 5428        usbccgp - ok

08:20:29.0965 5428        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

08:20:29.0965 5428        usbcir - ok

08:20:30.0012 5428        UsbDiag         (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys

08:20:30.0012 5428        UsbDiag - ok

08:20:30.0043 5428        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

08:20:30.0059 5428        usbehci - ok

08:20:30.0090 5428        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

08:20:30.0106 5428        usbhub - ok

08:20:30.0153 5428        USBModem        (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys

08:20:30.0153 5428        USBModem - ok

08:20:30.0184 5428        usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

08:20:30.0184 5428        usbohci - ok

08:20:30.0215 5428        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

08:20:30.0215 5428        usbprint - ok

08:20:30.0262 5428        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

08:20:30.0262 5428        usbscan - ok

08:20:30.0309 5428        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:20:30.0309 5428        USBSTOR - ok

08:20:30.0324 5428        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

08:20:30.0324 5428        usbuhci - ok

08:20:30.0371 5428        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

08:20:30.0371 5428        usbvideo - ok

08:20:30.0449 5428        usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys

08:20:30.0449 5428        usb_rndisx - ok

08:20:30.0480 5428        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

08:20:30.0480 5428        UxSms - ok

08:20:30.0527 5428        UxTuneUp        (5b0cd0238b864ca71ea80e4fa1a988af) C:\Windows\System32\uxtuneup.dll

08:20:30.0543 5428        UxTuneUp - ok

08:20:30.0574 5428        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:20:30.0574 5428        VaultSvc - ok

08:20:30.0605 5428        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

08:20:30.0605 5428        vdrvroot - ok

08:20:30.0683 5428        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

08:20:30.0714 5428        vds - ok

08:20:30.0745 5428        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

08:20:30.0761 5428        vga - ok

08:20:30.0792 5428        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

08:20:30.0792 5428        VgaSave - ok

08:20:30.0823 5428        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

08:20:30.0839 5428        vhdmp - ok

08:20:30.0870 5428        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

08:20:30.0870 5428        viaide - ok

08:20:30.0901 5428        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

08:20:30.0901 5428        volmgr - ok

08:20:30.0964 5428        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

08:20:30.0979 5428        volmgrx - ok

08:20:31.0011 5428        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

08:20:31.0026 5428        volsnap - ok

08:20:31.0057 5428        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

08:20:31.0073 5428        vsmraid - ok

08:20:31.0182 5428        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

08:20:31.0260 5428        VSS - ok

08:20:31.0369 5428        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

08:20:31.0369 5428        vwifibus - ok

08:20:31.0385 5428        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

08:20:31.0401 5428        vwififlt - ok

08:20:31.0432 5428        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

08:20:31.0432 5428        vwifimp - ok

08:20:31.0479 5428        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

08:20:31.0494 5428        W32Time - ok

08:20:31.0541 5428        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

08:20:31.0541 5428        WacomPen - ok

08:20:31.0588 5428        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:20:31.0588 5428        WANARP - ok

08:20:31.0603 5428        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:20:31.0603 5428        Wanarpv6 - ok

08:20:31.0713 5428        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

08:20:31.0759 5428        wbengine - ok

08:20:31.0853 5428        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

08:20:31.0884 5428        WbioSrvc - ok

08:20:31.0931 5428        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

08:20:31.0962 5428        wcncsvc - ok

08:20:31.0978 5428        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

08:20:31.0978 5428        WcsPlugInService - ok

08:20:32.0040 5428        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

08:20:32.0040 5428        Wd - ok

08:20:32.0087 5428        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

08:20:32.0118 5428        Wdf01000 - ok

08:20:32.0196 5428        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:20:32.0196 5428        WdiServiceHost - ok

08:20:32.0212 5428        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:20:32.0212 5428        WdiSystemHost - ok

08:20:32.0274 5428        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

08:20:32.0290 5428        WebClient - ok

08:20:32.0305 5428        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

08:20:32.0321 5428        Wecsvc - ok

08:20:32.0352 5428        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

08:20:32.0352 5428        wercplsupport - ok

08:20:32.0383 5428        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

08:20:32.0399 5428        WerSvc - ok

08:20:32.0461 5428        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

08:20:32.0461 5428        WfpLwf - ok

08:20:32.0493 5428        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

08:20:32.0493 5428        WIMMount - ok

08:20:32.0539 5428        WinDefend - ok

08:20:32.0555 5428        WinHttpAutoProxySvc - ok

08:20:32.0617 5428        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

08:20:32.0633 5428        Winmgmt - ok

08:20:32.0836 5428        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

08:20:32.0914 5428        WinRM - ok

08:20:33.0054 5428        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

08:20:33.0054 5428        WinUsb - ok

08:20:33.0132 5428        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

08:20:33.0163 5428        Wlansvc - ok

08:20:33.0351 5428        wlidsvc         (e23a257a54fa12c2aef8ad51e6556357) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

08:20:33.0413 5428        wlidsvc - ok

08:20:33.0538 5428        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

08:20:33.0538 5428        WmiAcpi - ok

08:20:33.0600 5428        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

08:20:33.0600 5428        wmiApSrv - ok

08:20:33.0678 5428        WMPNetworkSvc - ok

08:20:33.0709 5428        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

08:20:33.0709 5428        WPCSvc - ok

08:20:33.0756 5428        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

08:20:33.0756 5428        WPDBusEnum - ok

08:20:33.0787 5428        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

08:20:33.0803 5428        ws2ifsl - ok

08:20:33.0819 5428        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

08:20:33.0834 5428        wscsvc - ok

08:20:33.0881 5428        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

08:20:33.0881 5428        WSDPrintDevice - ok

08:20:33.0897 5428        WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys

08:20:33.0897 5428        WSDScan - ok

08:20:33.0912 5428        WSearch - ok

08:20:34.0053 5428        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

08:20:34.0115 5428        wuauserv - ok

08:20:34.0255 5428        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

08:20:34.0255 5428        WudfPf - ok

08:20:34.0302 5428        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:20:34.0302 5428        WUDFRd - ok

08:20:34.0349 5428        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

08:20:34.0365 5428        wudfsvc - ok

08:20:34.0411 5428        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

08:20:34.0411 5428        WwanSvc - ok

08:20:34.0505 5428        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

08:20:34.0723 5428        \Device\Harddisk0\DR0 - ok

08:20:35.0410 5428        MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

08:20:35.0425 5428        \Device\Harddisk1\DR1 - ok

08:20:35.0425 5428        Boot (0x1200)   (e13a9652ddd6960b5d579fbc33fa6e65) \Device\Harddisk0\DR0\Partition0

08:20:35.0425 5428        \Device\Harddisk0\DR0\Partition0 - ok

08:20:35.0441 5428        Boot (0x1200)   (1a1421cc36e595f247b565764cb4bd35) \Device\Harddisk0\DR0\Partition1

08:20:35.0441 5428        \Device\Harddisk0\DR0\Partition1 - ok

08:20:35.0457 5428        Boot (0x1200)   (394051e83b9f0526742b1ee899a08775) \Device\Harddisk1\DR1\Partition0

08:20:35.0457 5428        \Device\Harddisk1\DR1\Partition0 - ok

08:20:35.0457 5428        ============================================================

08:20:35.0457 5428        Scan finished

08:20:35.0457 5428        ============================================================

08:20:35.0472 4744        Detected object count: 0

08:20:35.0472 4744        Actual detected object count: 0

08:21:03.0864 4628        Deinitialize success

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL
 

:Files
 

C:\Users\JoeCool\AppData\Roaming\13001.025

C:\Users\JoeCool\AppData\Roaming\13001.026

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

dann:

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren.

Start => Ausführen

=> dort reinschreiben

ComboFix /Uninstall => Enter drücken

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst.

Hi,
OTL hat den Bruchteil einer Sekunde gebraucht und wollte auch keinen Neustart ???

Hier das Log:

Code:

========== OTL ==========

========== FILES ==========

C:\Users\JoeCool\AppData\Roaming\13001.025\components folder moved successfully.

C:\Users\JoeCool\AppData\Roaming\13001.025 folder moved successfully.

C:\Users\JoeCool\AppData\Roaming\13001.026\components folder moved successfully.

C:\Users\JoeCool\AppData\Roaming\13001.026 folder moved successfully.

 

OTL by OldTimer - Version 3.2.54.0 log created on 07252012_211450

Sehr gut! :daumenhoc

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren.

Start => Ausführen

=> dort reinschreiben

ComboFix /Uninstall => Enter drücken

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html

Juhu!
Werd das alles dann in Ruhe abarbeiten. Combofix ist schon runter.

Ein ganz großers :dankeschoen:

Ist mir dann auch ne Spende wert. Tolles Board! :party:

:)

Wuensche eine Virenfreie Zeit :)

...ansonsten weiß ich ja, wo ich Hilfe bekomme :lach:
:abklatsch:

Wie haben rund um die Uhr geoeffnet :D