AdwCleaner Logfile:
Code:
# AdwCleaner v3.001 - Report created 30/08/2013 at 22:47:55
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Heiko - ACER-747B59264E
# Running from : C:\Dokumente und Einstellungen\Heiko\Desktop\adwcleaner3001.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : BrowserDefendert
Service Deleted : IBUpdaterService
[#] Service Deleted : TelevisionFanaticService
***** [ Files / Folders ] *****
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[!] Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserDefender
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FreeRIP3
Folder Deleted : C:\Programme\Ask.com
Folder Deleted : C:\Programme\delta
Folder Deleted : C:\Programme\FreeRIP3
Folder Deleted : C:\Programme\openit
Folder Deleted : C:\Programme\TelevisionFanatic
Folder Deleted : C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\AskToolbar
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\IECompatCache
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Anwendungsdaten\apn
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Anwendungsdaten\AskToolbar
Folder Deleted : C:\DOKUME~1\Heiko\LOKALE~1\Temp\AskSearch
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\AskToolbar
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\BabSolution
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Babylon
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\delta
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Desktopicon
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\DSite
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Startmenü\Programme\BrowserDefender
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\Extensions\ffxtlbr@delta.com
Folder Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\Extensions\toolbar@ask.com
File Deleted : C:\Dokumente und Einstellungen\Heiko\Startmenü\eBay.lnk
File Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\searchplugins\Askcom.xml
File Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\searchplugins\my-web-search.xml
File Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\bProtector_extensions.rdf
File Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\bprotector_prefs.js
File Deleted : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\user.js
File Deleted : C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\5ae8bddb43cbe14
Key Deleted : HKLM\SOFTWARE\5ae8bddb43cbe14
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{014DA6C9-189F-421A-88CD-07CFE51CFF10}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{014DA6C9-189F-421A-88CD-07CFE51CFF10}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0696F815-A3A9-490A-BB14-9EC3350B1276}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\lyrixeeker
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\dokume~1\alluse~1\anwend~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll
Product Deleted : Ask Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v3.6 (de)
[ File : C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\prefs.js ]
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=18E400FF4F07B0AB&affID=119357&tt=280813_ctrl2&tsp=4990");
Line Deleted : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,jqs@sun.com:1.0,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{82AF8DCA[...]
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=71AC6E65-CCC4-467B-A061-96724FBF8094&n=77ee8565&ind=2012120421&id=XPxdm049BBde&ptnrS=X[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=71AC6E65-CCC4-467B-A061-96724FBF8094&n=77ee8565&ptnrS=XPxdm049BBde&si=18239");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012120421");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm049BBde");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "18239");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "71AC6E65-CCC4-467B-A061-96724FBF8094");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1368883610358");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=71AC6E65-CCC4-467B-A061-96724FBF8094&n=77ee8565&ind=2012120421&id=XPxdm049BBde&ptnrS=XPxdm049BBde&si=18239&s[...]
Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=18E400FF4F07B0AB&affID=119357&tt=280813_ctrl2&tsp=4990");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
-\\ Google Chrome v
[ File : C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [26555 octets] - [30/08/2013 22:46:27]
AdwCleaner[S0].txt - [24447 octets] - [30/08/2013 22:47:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24508 octets] ##########
--- --- ---
Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free anti-malware download
Datenbank Version: v2013.08.30.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Heiko :: ACER-747B59264E [Administrator]
Schutz: Aktiviert
30.08.2013 23:14:57
mbam-log-2013-08-30 (23-14-57).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 259143
Laufzeit: 25 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 1
C:\Programme\LyricsSeeker\131.dll (PUP.Optional.LyricsAd.Gen) -> Löschen bei Neustart.
Infizierte Registrierungsschlüssel: 7
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6930d07b-da43-46d4-aa20-1f6f958d14fe} (PUP.Optional.LyricsAd.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{6930d07b-da43-46d4-aa20-1f6f958d14fe} (PUP.Optional.LyricsAd.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{c2c5ddc8-f36c-409c-be88-82877cf2bd5e} (PUP.Optional.LyricsAd.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{8cc11d95-3a0f-4d4b-a84c-09aa441e369e} (PUP.Optional.LyricsAd.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6930D07B-DA43-46D4-AA20-1F6F958D14FE} (PUP.Optional.LyricsAd.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6930D07B-DA43-46D4-AA20-1F6F958D14FE} (PUP.Optional.LyricsAd.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 3
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 9
C:\Dokumente und Einstellungen\Heiko\Desktop\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\enhancedNT.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\Setup.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\is357113909\2506911_Setup.EXE (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Temp\is357113909\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\LyricsSeeker\131.dll (PUP.Optional.LyricsAd.Gen) -> Löschen bei Neustart.
(Ende)
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d65e75584b980040b421a02a06433d8d
# engine=14959
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-30 10:08:25
# local_time=2013-08-31 12:08:25 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 7705 123667389 406 0
# scanned=7516
# found=1
# cleaned=0
# scan_time=559
sh=406E8C99047781E2B36CD0B0C3830C38957E6D14 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.P trojan" ac=I fn="C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55\4894d7f7-2fd1d4ef"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d65e75584b980040b421a02a06433d8d
# engine=14959
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-31 01:13:26
# local_time=2013-08-31 03:13:26 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 18806 123678490 0 0
# scanned=167323
# found=2
# cleaned=0
# scan_time=10963
sh=406E8C99047781E2B36CD0B0C3830C38957E6D14 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.P trojan" ac=I fn="C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55\4894d7f7-2fd1d4ef"
sh=948D74F342C210B8A80CEB9952A08A7E701760B7 ft=1 fh=9a254f0062222a12 vn="a variant of Win32/Injector.ALUI trojan" ac=I fn="C:\FRST\Quarantine\KB6797708\KB6797708.exe"
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by Heiko (administrator) on 31-08-2013 11:06:52
Running from C:\Dokumente und Einstellungen\Heiko\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
(Hewlett-Packard Company) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Programme\Microsoft LifeCam\MSCamS32.exe
() C:\Programme\No-IP\DUC30.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
() C:\Programme\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Tobit.Software) C:\Programme\Desktop Protection For David®\TAVFDSrv.exe
( ) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
() C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
(Realtek Semiconductor Corp.) C:\DOKUME~1\Heiko\LOKALE~1\Temp\RtkBtMnt.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\LManager.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(ScanSoft, Inc.) C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
(Visagesoft) C:\Programme\Avanquest\PDF Experte 7 Professional\vspdfprsrv.exe
() C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Tobit.Software) C:\Programme\Desktop Protection For David®\TAVfD.exe
(Microsoft Corporation) C:\Programme\Messenger\msmsgs.exe
(Google Inc.) C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Tobit.Software) C:\Programme\Tobit Radio.fx\Client\rfx-tray.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
(Hewlett-Packard Co.) C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
(Hewlett-Packard) C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
() C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe
(Hewlett-Packard Co.) C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
(Avira Operations GmbH & Co. KG) c:\programme\avira\antivir desktop\avcenter.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [preload] - C:\Windows\RUNXMLPL.exe [20480 2007-04-21] (Wistron Corp.)
HKLM\...\Run: [IAAnotif] - C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [SynTPStart] - C:\Programme\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] - C:\Programme\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [68640 2007-01-08] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [Acer ePresentation HPD] - C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [208896 2007-03-02] (Acer Inc.)
HKLM\...\Run: [ePower_DMC] - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [475136 2007-07-04] ()
HKLM\...\Run: [Boot] - C:\Acer\Empowering Technology\ePower\Boot.exe [579584 2006-03-15] ()
HKLM\...\Run: [eLockMonitor] - C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe [x]
HKLM\...\Run: [StarteLock] - C:\Acer\Empowering Technology\eLock\Service\startelock.exe [24576 2008-04-30] ()
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [342528 2007-05-28] (HiTRUST)
HKLM\...\Run: [eRecoveryService] - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [421888 2007-07-11] (Acer Inc.)
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [858632 2007-10-17] (Dritek System Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [310272 2005-05-27] (shbox.de)
HKLM\...\Run: [Client Access Service] - C:\Programme\IBM\Client Access\cwbsvstr.exe [20530 2002-08-06] (IBM Corporation)
HKLM\...\Run: [Client Access Help Update] - C:\Programme\IBM\Client Access\cwbinhlp.exe [24576 2002-08-06] (IBM Corporation)
HKLM\...\Run: [Client Access Check Version] - C:\Programme\IBM\Client Access\cwbckver.exe [45106 2002-08-06] (IBM Corporation)
HKLM\...\Run: [Client Access Express Welcome] - C:\Programme\IBM\Client Access\cwbwlwiz.exe [20480 2002-08-06] (IBM Corporation)
HKLM\...\Run: [LifeCam] - C:\Programme\Microsoft LifeCam\LifeExp.exe [279912 2007-05-17] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-09-30] (Scansoft, Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [69632 2006-03-21] (ScanSoft, Inc.)
HKLM\...\Run: [vspdfprsrv.exe] - C:\Programme\Avanquest\PDF Experte 7 Professional\vspdfprsrv.exe [4111360 2010-11-09] (Visagesoft)
HKLM\...\Run: [openvpn-gui] - C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe [264704 2010-03-17] ()
HKLM\...\Run: [BCSSync] - C:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Tobit AntiVirus for Desktops] - C:\Programme\Desktop Protection For David®\TAVfD.exe [2653976 2013-05-22] (Tobit.Software)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] - C:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-10-23] (Google Inc.)
HKCU\...\Run: [rfxsrvtray] - C:\Programme\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKCU\...\Run: [Sony PC Companion] - "C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x]
MountPoints2: {4f96a2f0-73c4-11de-aa05-0017c4248dbd} - F:\AutoRun.exe
MountPoints2: {52375d3e-9570-11dd-9dcf-0017c4248dbd} - F:\AutoRun.exe
MountPoints2: {52375d41-9570-11dd-9dcf-0017c4248dbd} - F:\AutoRun.exe
MountPoints2: {83192e10-95ce-11dd-9dd1-0017c4248dbd} - G:\AutoRun.exe
MountPoints2: {83192e11-95ce-11dd-9dd1-0017c4248dbd} - F:\AutoRun.exe
MountPoints2: {95b7643c-9705-11dd-9dd3-0017c4248dbd} - F:\AutoRun.exe
MountPoints2: {acb2e4f2-cd4e-11dd-9e0d-0017c4248dbd} - H:\AUTORUN.EXE
MountPoints2: {f8e11745-d20d-11de-aa4f-0017c4248dbd} - H:\AUTORUN.EXE
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk
ShortcutTarget: Acer Empowering Technology.lnk -> C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk
ShortcutTarget: hp psc 1000 series.lnk -> C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
SearchScopes: HKLM - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049BBde&ptnrS=XPxdm049BBde&si=18239&ptb=71AC6E65-CCC4-467B-A061-96724FBF8094&psa=&ind=2012031316&st=sb&n=77ed2954&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
SearchScopes: HKCU - {5ACA60A0-C12A-4649-BB5C-58B50EBCDD43} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8595ab25-9e3d-4747-87ab-979007e0f043&apn_sauid=E5631309-C950-407E-BBA7-1CD0E6E4FFE5
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
SearchScopes: HKCU - {90B9E366-1C82-46D8-A271-10E81EB8D3BE} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049BBde&ptnrS=XPxdm049BBde&si=18239&ptb=71AC6E65-CCC4-467B-A061-96724FBF8094&psa=&ind=2012031316&st=sb&n=77ed2954&searchfor={searchTerms}
SearchScopes: HKCU - {DD6E4596-2515-4BB8-BE1F-56F3CCFBBBC3} URL = hxxp://suche.lycos.de/cgi-bin/pursuit?query={searchTerms}
BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL (My Search)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://vpn1.fh-heidelberg.de/+CSCOL+/relayp.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://83.36.54.4:8080/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://vpn1.fh-heidelberg.de/+CSCO+09756767633A2F2F63796E677362657A71792E6E71626F722E70627A++/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF Plugin: @TelevisionFanatic.com/Plugin - C:\Programme\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: TelevisionFanatic - C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\Extensions\64ffxtbr@TelevisionFanatic.com
FF Extension: Microsoft .NET Framework Assistant - C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Mozilla\Firefox\Profiles\uc82ronx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Skype Click to Call - C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] C:\Programme\TelevisionFanatic\bar\1.bin
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF HKCU\...\Firefox\Extensions: [{0ce6ac61-48e9-426f-9268-6f1e8ece06da}] C:\Programme\LyricsSeeker\131.xpi
FF Extension: No Name - C:\Programme\LyricsSeeker\131.xpi
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\Anwendungsdaten\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.18.0.crx
CHR HKLM\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Programme\LyricsSeeker\131.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Programme\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-03] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664 2011-05-25] (Apple Inc.)
R2 BcmSqlStartupSvc; C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [30312 2009-02-23] (Microsoft Corporation)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [387944 2011-07-12] (Apple Inc.)
S3 Cwbrxd; C:\WINDOWS\CWBRXD.EXE [57392 2002-08-06] (IBM Corporation)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-03-01] ( )
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-17] (Google)
R2 IAANTMON; C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe [355096 2007-03-21] (Intel Corporation)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [821096 2011-08-19] (Apple Inc.)
R2 LightScribeService; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSCamSvc; C:\Programme\Microsoft LifeCam\MSCamS32.exe [271720 2007-05-17] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28933976 2006-04-14] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NoIPDUCService3; C:\Programme\No-IP\DUC30.exe [1423520 2010-06-18] ()
S3 OpenVPNService; C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe [39936 2010-03-17] ()
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
R2 Radio.fx; C:\Programme\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 RichVideo; C:\Programme\CyberLink\Shared Files\RichVideo.exe [171040 2007-01-08] ()
R2 Skype C2C Service; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S3 Sony PC Companion; C:\Programme\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S4 SQLBrowser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [240416 2006-04-14] (Microsoft Corporation)
R2 SQLWriter; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [86880 2010-12-10] (Microsoft Corporation)
R2 TAVFDService; C:\Programme\Desktop Protection For David®\TAVFDSrv.exe [1965056 2013-06-04] (Tobit.Software)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [82380 2010-06-03] (Oak Technology Inc.)
R3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [546976 2007-05-02] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-12] (Avira Operations GmbH & Co. KG)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [160256 2007-02-16] (Broadcom Corporation)
S3 DTV_Capture_2X0; C:\Windows\System32\Drivers\DTV_Capture_2X0.sys [18432 2004-09-06] (Computer & Entertainment, Inc.)
S3 DTV_Loader_2X1; C:\Windows\System32\Drivers\DTV_Loader_2X1.sys [19328 2005-06-29] (WideView Technology Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-22] (Conexant Systems, Inc.)
R2 int15; C:\WINDOWS\system32\drivers\int15.sys [14120 2007-12-10] (Acer, Inc.)
S3 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 psdfilter; C:\WINDOWS\system32\Drivers\psdfilter.sys [12800 2007-05-28] (HiTRUST)
R3 psdvdisk; C:\WINDOWS\system32\Drivers\psdvdisk.sys [60416 2007-05-28] (HiTRUST)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 se44bus; C:\Windows\System32\DRIVERS\se44bus.sys [61536 2006-11-30] (MCCI)
S3 se44mdfl; C:\Windows\System32\DRIVERS\se44mdfl.sys [9360 2006-11-30] (MCCI)
S3 se44mdm; C:\Windows\System32\DRIVERS\se44mdm.sys [97088 2006-11-30] (MCCI)
S3 se44mgmt; C:\Windows\System32\DRIVERS\se44mgmt.sys [88624 2006-11-30] (MCCI)
S3 se44nd5; C:\Windows\System32\DRIVERS\se44nd5.sys [18704 2006-11-30] (MCCI)
S3 se44obex; C:\Windows\System32\DRIVERS\se44obex.sys [86432 2006-11-30] (MCCI)
S3 se44unic; C:\Windows\System32\DRIVERS\se44unic.sys [90800 2006-11-30] (MCCI)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-03] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34336 2010-03-17] (The OpenVPN Project)
R0 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [13952 2006-08-28] ()
S3 w810bus; C:\Windows\System32\DRIVERS\w810bus.sys [58288 2006-02-20] (MCCI)
S3 w810mdfl; C:\Windows\System32\DRIVERS\w810mdfl.sys [8336 2006-02-20] (MCCI)
S3 w810mdm; C:\Windows\System32\DRIVERS\w810mdm.sys [94064 2006-02-20] (MCCI)
S3 w810mgmt; C:\Windows\System32\DRIVERS\w810mgmt.sys [85408 2006-02-20] (MCCI)
S3 w810obex; C:\Windows\System32\DRIVERS\w810obex.sys [83344 2006-02-20] (MCCI)
R2 zntport; C:\WINDOWS\system32\drivers\zntport.sys [6080 2007-12-10] (Zeal SoftStudio)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-30 23:12 - 2013-08-30 23:12 - 00000760 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-30 23:12 - 2013-08-30 23:12 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-08-30 23:12 - 2013-08-30 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Malwarebytes
2013-08-30 23:12 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-30 22:58 - 2013-08-30 22:58 - 00000000 __SHD C:\Dokumente und Einstellungen\Heiko\IECompatCache
2013-08-30 22:46 - 2013-08-30 22:49 - 00000000 ____D C:\AdwCleaner
2013-08-30 22:45 - 2013-08-30 22:45 - 00994642 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\adwcleaner3001.exe
2013-08-30 22:34 - 2013-08-30 23:45 - 00000348 _____ C:\WINDOWS\Tasks\Lyrics Seeker Update.job
2013-08-30 22:34 - 2013-08-30 23:43 - 00000000 ____D C:\Programme\LyricsSeeker
2013-08-30 22:34 - 2013-08-30 22:34 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
2013-08-30 22:14 - 2013-08-30 22:14 - 00052668 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\FRST2.txt
2013-08-30 22:14 - 2013-08-30 22:14 - 00036788 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\Addition2.txt
2013-08-30 20:57 - 2013-08-30 20:57 - 00000000 ____D C:\FRST
2013-08-30 20:56 - 2013-08-30 20:54 - 01072975 _____ (Farbar) C:\Dokumente und Einstellungen\Heiko\Desktop\FRST.exe
2013-08-27 20:42 - 2013-08-27 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-27 20:41 - 2013-08-27 20:42 - 00004792 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-23 09:09 - 2013-08-23 09:09 - 17737608 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-08-16 08:16 - 2013-08-16 08:17 - 00012961 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-16 08:12 - 2013-08-16 08:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-16 08:11 - 2013-08-16 08:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-16 08:10 - 2013-08-16 08:10 - 00005703 _____ C:\WINDOWS\KB2863058.log
2013-08-16 08:10 - 2013-08-16 08:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-16 08:10 - 2013-08-16 08:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-16 08:10 - 2013-08-16 08:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 21:52 - 2013-08-16 08:11 - 00011739 _____ C:\WINDOWS\KB2859537.log
2013-08-14 21:52 - 2013-08-16 08:11 - 00010933 _____ C:\WINDOWS\KB2850869.log
2013-08-02 09:39 - 2013-08-02 09:39 - 00000000 ____D C:\Programme\Desktop Protection For David®
2013-08-02 09:39 - 2013-04-15 16:36 - 03326232 _____ (Tobit.Software) C:\WINDOWS\tavfduni.exe
2013-08-02 09:39 - 2013-03-22 10:51 - 01715200 _____ (Tobit Software) C:\WINDOWS\system32\tobit32.dll
==================== One Month Modified Files and Folders =======
2013-08-31 11:05 - 2008-03-23 00:58 - 01473339 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-31 11:05 - 2008-03-22 22:02 - 00000000 ___RD C:\Programme
2013-08-31 10:09 - 2012-03-29 19:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-31 03:08 - 2008-03-22 21:55 - 00000000 ____D C:\Programme\Microsoft SQL Server
2013-08-31 03:02 - 2008-03-22 21:55 - 00000000 ____D C:\WINDOWS\Registration
2013-08-30 23:46 - 2013-08-30 23:46 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Startmenü\Programme\CyberLink PowerDVD
2013-08-30 23:46 - 2008-09-19 20:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Heiko\Startmenü\Programme
2013-08-30 23:46 - 2008-06-29 18:18 - 00492220 _____ C:\WINDOWS\PreLaunch.log
2013-08-30 23:46 - 2008-03-23 00:29 - 01157547 _____ C:\WINDOWS\launApp.log
2013-08-30 23:45 - 2013-08-30 22:34 - 00000348 _____ C:\WINDOWS\Tasks\Lyrics Seeker Update.job
2013-08-30 23:45 - 2008-03-23 00:58 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-30 23:44 - 2008-03-23 00:58 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-30 23:44 - 2008-03-23 00:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-30 23:44 - 2008-03-23 00:29 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-30 23:43 - 2013-08-30 22:34 - 00000000 ____D C:\Programme\LyricsSeeker
2013-08-30 23:43 - 2010-02-10 02:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977914$
2013-08-30 23:42 - 2008-09-19 20:18 - 00000190 ___SH C:\Dokumente und Einstellungen\Heiko\ntuser.ini
2013-08-30 23:42 - 2008-09-19 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko
2013-08-30 23:42 - 2008-03-23 00:58 - 00032554 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-30 23:12 - 2013-08-30 23:12 - 00000760 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-30 23:12 - 2013-08-30 23:12 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-08-30 23:12 - 2013-08-30 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\Malwarebytes
2013-08-30 22:58 - 2013-08-30 22:58 - 00000000 __SHD C:\Dokumente und Einstellungen\Heiko\IECompatCache
2013-08-30 22:49 - 2013-08-30 22:46 - 00000000 ____D C:\AdwCleaner
2013-08-30 22:48 - 2008-09-19 20:18 - 00000000 ___RD C:\Dokumente und Einstellungen\Heiko\Startmenü
2013-08-30 22:45 - 2013-08-30 22:45 - 00994642 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\adwcleaner3001.exe
2013-08-30 22:34 - 2013-08-30 22:34 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
2013-08-30 22:14 - 2013-08-30 22:14 - 00052668 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\FRST2.txt
2013-08-30 22:14 - 2013-08-30 22:14 - 00036788 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\Addition2.txt
2013-08-30 22:10 - 2010-10-20 10:34 - 00001732 ____H C:\Dokumente und Einstellungen\Heiko\Eigene Dateien\Default.rdp
2013-08-30 20:57 - 2013-08-30 20:57 - 00000000 ____D C:\FRST
2013-08-30 20:55 - 2008-09-19 20:18 - 00000000 ___HD C:\Dokumente und Einstellungen\Heiko\Netzwerkumgebung
2013-08-30 20:54 - 2013-08-30 20:56 - 01072975 _____ (Farbar) C:\Dokumente und Einstellungen\Heiko\Desktop\FRST.exe
2013-08-30 17:16 - 2013-05-17 08:59 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-30 17:07 - 2011-07-22 09:04 - 00002593 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\Microsoft Outlook 2010.lnk
2013-08-27 21:01 - 2008-09-19 20:26 - 00000000 ____D C:\Programme\Launch Manager
2013-08-27 20:42 - 2013-08-27 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-27 20:42 - 2013-08-27 20:41 - 00004792 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-27 20:42 - 2008-03-23 00:58 - 01056276 _____ C:\WINDOWS\tsoc.log
2013-08-27 20:42 - 2008-03-23 00:58 - 00508009 _____ C:\WINDOWS\iis6.log
2013-08-27 20:42 - 2008-03-22 21:33 - 02308358 _____ C:\WINDOWS\FaxSetup.log
2013-08-27 20:42 - 2008-03-22 21:33 - 01109125 _____ C:\WINDOWS\ocgen.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00775526 _____ C:\WINDOWS\comsetup.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00707666 _____ C:\WINDOWS\msmqinst.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00467922 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00403109 _____ C:\WINDOWS\netfxocm.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00160109 _____ C:\WINDOWS\MedCtrOC.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00127156 _____ C:\WINDOWS\ocmsn.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00116209 _____ C:\WINDOWS\tabletoc.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00115076 _____ C:\WINDOWS\msgsocm.log
2013-08-27 20:42 - 2008-03-22 21:33 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-23 16:24 - 2011-08-11 12:59 - 00838152 _____ C:\WINDOWS\setupapi.log
2013-08-23 09:09 - 2013-08-23 09:09 - 17737608 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-08-23 09:09 - 2012-03-29 19:38 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-23 09:09 - 2011-05-16 16:29 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-22 20:53 - 2011-07-22 08:53 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-08-16 10:25 - 2008-03-22 23:03 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-16 09:06 - 2011-07-12 10:34 - 00000792 _____ C:\WINDOWS\Tobit.ini
2013-08-16 08:17 - 2013-08-16 08:16 - 00012961 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-16 08:17 - 2008-03-22 21:29 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-16 08:16 - 2013-08-16 08:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-16 08:16 - 2010-01-08 20:34 - 00000000 ____D C:\WINDOWS\ie8updates
2013-08-16 08:16 - 2008-03-22 21:29 - 00333608 _____ C:\WINDOWS\updspapi.log
2013-08-16 08:11 - 2013-08-16 08:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-16 08:11 - 2013-08-14 21:52 - 00011739 _____ C:\WINDOWS\KB2859537.log
2013-08-16 08:11 - 2013-08-14 21:52 - 00010933 _____ C:\WINDOWS\KB2850869.log
2013-08-16 08:11 - 2008-09-19 14:46 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-16 08:10 - 2013-08-16 08:10 - 00005703 _____ C:\WINDOWS\KB2863058.log
2013-08-16 08:10 - 2013-08-16 08:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-16 08:10 - 2013-08-16 08:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-16 08:10 - 2013-08-16 08:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-16 08:10 - 2008-03-22 21:25 - 00766066 _____ C:\WINDOWS\system32\TZLog.log
2013-08-16 08:06 - 2008-03-23 00:33 - 01190308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-03 01:48 - 2006-08-24 22:30 - 01543680 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmvdecod.dll
2013-08-02 16:40 - 2008-10-28 23:01 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\OpenOffice.org2
2013-08-02 16:40 - 2008-09-19 20:57 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\FreePDF
2013-08-02 09:39 - 2013-08-02 09:39 - 00000000 ____D C:\Programme\Desktop Protection For David®
2013-08-01 11:56 - 2011-07-31 10:42 - 00257024 ___SH C:\Dokumente und Einstellungen\Heiko\Desktop\Thumbs.db
2013-08-01 08:05 - 2011-07-12 10:35 - 00000000 ____D C:\Programme\Tobit InfoCenter
2013-08-01 08:04 - 2004-09-06 11:31 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü
Files to move or delete:
====================
C:\DOKUME~1\Heiko\LOKALE~1\Temp\7.2.20.2-EasyShrx.Dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\AdobeUpdater12345.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\ApnStub.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\DataCard_Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\FP_PL_PFS_INSTALLER.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GoogleChromeInstaller.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GoogleToolbarInstaller_de.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\jre-6u33-windows-i586-iftw.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\jre-6u35-windows-i586-iftw.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\ose00000.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\PicasaUpdater_30b4.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Quarantine.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Relay.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\ResetDevice.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\RtkBtMnt.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\setup_wm.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\SkypeSetup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\TOBITCLT.DLL
C:\DOKUME~1\Heiko\LOKALE~1\Temp\vcredist_x86.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\ycomp_setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\_is24.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\_is29.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\_is2A.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\_is2B.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\_is2C.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\_is53.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\_is55.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{EE3E0FF4-A079-4245-B170-27B85A1B3DDB}\ISSetup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{EE3E0FF4-A079-4245-B170-27B85A1B3DDB}\_Setup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{ED18789D-F00B-4850-B802-E889BE630507}\Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{E6BAF396-7B12-4D94-B8B8-C877912A62C3}\ISSetup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{E6BAF396-7B12-4D94-B8B8-C877912A62C3}\_Setup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{E4A7E9E5-4BA9-48E4-AC25-C30838133976}\Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{D27767A1-34E5-405A-B5AA-AB6604213FAB}\ISSetup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{D27767A1-34E5-405A-B5AA-AB6604213FAB}\_Setup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{C8CD38DD-2A7E-41A2-8055-6795EE90BDC8}\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{B7C25DCA-C359-43C5-BC8E-37BE296DA1FE}\Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{AF118FD5-450A-4953-98AF-A91D8EF58168}\Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{AC76BA86-7AD7-1033-7B44-A81300000003}\FixTransforms.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{AC76BA86-7AD7-1033-7B44-A81300000003}\FixTransforms64bit.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{9F5CE102-81B3-4E53-837F-82B0BBF4AB4F}\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\difxapi.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{90ADCB7E-C66B-4394-A84D-61BB499AC0E9}\Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{8A6CBE77-8BA6-447C-9316-B8048449D236}\ISSetup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{8A6CBE77-8BA6-447C-9316-B8048449D236}\_Setup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{843897D3-A70A-41C1-84AE-147741773824}\Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{817E88AA-9384-4631-A0F9-8ED7AE92FF53}\Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{6BF00CB6-7E7B-4CB1-A7ED-BC38AE287749}\Setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{5599A0DD-C524-4056-9D70-59679405D286}\ISSetup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{5599A0DD-C524-4056-9D70-59679405D286}\_Setup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{07D17D8B-225C-4403-9699-F22FF236FC5A}\ISSetup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{07D17D8B-225C-4403-9699-F22FF236FC5A}\_Setup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\{079B2824-86DA-425B-B2C4-739043A3D424}\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\veetleb\gcapi_dll.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\VCB.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\ZHH\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\TRK\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\THA\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\SVE\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\RUS\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\PTG\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\PLK\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\NOR\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\NLD\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\JPN\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\ITA\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\HUN\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\HEB\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\FRC\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\FRA\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\FIN\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\ESP\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\ESM\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\ENU\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\ENG\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\ELL\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\DEU\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\DAN\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\CSY\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\CHT\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\CHS\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Languages\ARB\VCBResources.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\VCB\Graphics\NewUI.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\UTPSDLL\GdiPlus.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\UTPSDLL\mfc71.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\UTPSDLL\MFC71u.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\UTPSDLL\msvcp71.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\UTPSDLL\msvcr71.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Upgrade\MediaGo_1.3.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Upgrade\Sony Ericsson PC Suite_6.011.00_Web_DEU.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\TeamViewer\Version6\TeamViewer_.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Sony Ericsson\Sony Ericsson PC Suite\Sony Ericsson PC Companion_2.01.149_Web.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Sony Ericsson\Sony Ericsson PC Companion\AutoUpdate\Sony Ericsson PC Companion_2.01.173_NetStorage.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Sony Ericsson\Sony Ericsson PC Companion\AutoUpdate\Sony Ericsson PC Companion_2.01.192_NetStorage.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Sony Ericsson\Sony Ericsson PC Companion\AutoUpdate\Sony Ericsson PC Companion_2.01.210_NetStorage.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Sony Ericsson\Sony Ericsson PC Companion\AutoUpdate\Sony Ericsson PC Companion_2.01.217_NetStorage.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Sony Ericsson\Sony Ericsson PC Companion\AutoUpdate\Sony Ericsson PC Companion_2.01.231_NetStorage.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Sony Ericsson\Sony Ericsson PC Companion\AutoUpdate\Sony Ericsson PC Companion_2.02.002_NetStorage.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\PCCompanion\ISSetup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\PCCompanion\NewUI.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\PCCompanion\setup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\PCCompanion\_Setup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\PCCompanion\Drivers\DPInst.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\PCCompanion\Drivers\DPInst64.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Package4\clients\windows\tobitclt.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\Package3\clients\windows\tobitclt.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\is357113909\OpenItSetup.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\is357113909\wajam_validate.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\IPMx3\Lang\PackMan\DEU\packmandeu.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\GoogleUpdate.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdate.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\GoopdateBho.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ar.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_bg.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_bn.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ca.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_cs.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_da.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_de.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_el.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_en-GB.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_en.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_es-419.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_es.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_et.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_fa.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_fi.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_fil.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_fr.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_gu.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_hi.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_hr.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_hu.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_id.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_is.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_it.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_iw.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ja.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_kn.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ko.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_lt.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_lv.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ml.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_mr.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ms.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_nl.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_no.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_or.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_pl.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_pt-BR.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_pt-PT.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ro.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ru.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_sk.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_sl.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_sr.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_sv.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ta.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_te.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_th.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_tr.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_uk.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_ur.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_vi.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_zh-CN.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\goopdateres_zh-TW.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\GUMA5.tmp\npGoogleOneClick7.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\F.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\D.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\BExternal.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\BUSolForMontiera.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\ccp.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\ChromeToolbarSetup.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\CrxInstaller.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\GUninstaller.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\IEHelper.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\MntrDLLInstall.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9FAAFCFD-BAB0-7891-9FB1-241D27823E88\Latest\sqlite3.dll
C:\DOKUME~1\Heiko\LOKALE~1\Temp\9.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\5F.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\53.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\4A.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\49.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\28.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\27.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\26.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\25.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\19.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\18.dir\InstallFlashPlayer.exe
C:\DOKUME~1\Heiko\LOKALE~1\Temp\17.dir\InstallFlashPlayer.exe
C:\Windows\Tasks\At1.job
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2007-06-13 15:21] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2004-08-04 06:00] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2004-08-04 06:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2004-08-04 06:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2007-03-08 17:36] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2004-08-04 06:00] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 06:00] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================