Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google Redirect Virus entfernen - WIE ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.07.2011, 17:33   #1
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



Hey liebe Community,

ich habe die schon bekannten Probleme mit dem Google Redirect Virus "goingonearth.com".

Die Aufgehenden Werbefenster habe ich bereits mit einem Antivirusprogramm behoben - allerdings bleibt die ständige Weiterleitung auf Google und der deaktivierte Windows-Sicherheitscenter.

Mir ist bereits bekannt dass mit verschiedenen Analyse Tools und darauf folgendem Post der Analysetextdatei dieser Virus entfernt werden kann.

Begriffe wie OTL, ComboFix und MBRCheck sind mir bereits im Board aufgefallen...

Könnte einer der hier anwesenden Experten sich diesem Problem annehmen und mir erklären was ich tun muss?

Vielen Dank schon einmal
Florian

Alt 28.07.2011, 08:37   #2
kira
/// Helfer-Team
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Zitat:
Beschreibe, welche Versuche du unternommen hast, um das Problem zu lösen (schon vorhandene Logs/Protokolle auch posten)
1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - "Show all" soll nicht angehakt sein! dann klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird GMER beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung/virus-protect.org

3.
Systemscan mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.


  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
** kannst Du das Log bei File-Upload.net/kostenlos hochladen und den Link mir hier posten.
Anleitung:-> GMER - Rootkit Scanner

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 28.07.2011, 15:09   #3
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-28 15:04:43
Windows 6.1.7600  
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c0f6e6399d5                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c0f6e6399d5@e8e5d6d9ef1f         0x8E 0xA7 0x01 0xC0 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c0f6e6399d5 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c0f6e6399d5@e8e5d6d9ef1f             0x8E 0xA7 0x01 0xC0 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

das wäre schonmal die Log von gmer.exe
__________________

Alt 28.07.2011, 16:08   #4
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



Okay Schritt 2 dauert etwas...
Ich werde so zügig wie möglich weiter machen.

Vielen Dank schon einmal für die Hilfe

und die Bedingungen, dass diese Versuche auf mein Risiko gehen sind natürlich akzeptiert!

Grüße Florian

Alt 28.07.2011, 16:31   #5
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



So da Wäre der Log von Anti-Malware:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7309

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.07.2011 16:22:49
mbam-log-2011-07-28 (16-22-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 414498
Laufzeit: 1 Stunde(n), 1 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Florian\AppData\Local\Temp\filehunter-win32.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\Users\Florian\Desktop\Games\cs 1.6 lan\Valve\cstrike\super simple wall 4.01\ss wall v4.01.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\Users\Florian\downloads\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal.
c:\Users\Florian\LAN\cs 1.6 lan\Valve\cstrike\super simple wall 4.01\ss wall v4.01.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
         


Alt 29.07.2011, 14:39   #6
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



Hier wären zum einen der OTL.txt-log Teil 1:

Code:
ATTFilter
OTL logfile created on: 28.07.2011 21:33:42 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Florian\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 49,68% Memory free
7,35 Gb Paging File | 5,09 Gb Available in Paging File | 69,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,54 Gb Total Space | 330,09 Gb Free Space | 48,22% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-ACER | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.27 17:36:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 10:46:19 | 000,124,216 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2011.06.28 14:12:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.21 22:21:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.05.28 17:16:25 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.05.01 01:03:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.27 01:18:10 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.06 09:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.07.01 06:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.07.01 06:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.25 16:38:02 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2007.03.23 13:49:52 | 000,213,584 | ---- | M] (abylonsoft - Dr. Thomas Klabunde GbR) -- C:\Program Files (x86)\abylonsoft\SAWipe\SAWCtrlSer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.27 17:36:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.25 19:23:31 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 14:12:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 01:03:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.27 01:18:10 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.01.25 19:24:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.20 00:29:07 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.06 09:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.07.29 14:16:12 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.07.01 06:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.07.01 06:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.15 12:51:56 | 000,822,304 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.23 13:49:52 | 000,213,584 | ---- | M] (abylonsoft - Dr. Thomas Klabunde GbR) [Auto | Running] -- C:\Program Files (x86)\abylonsoft\SAWipe\SAWCtrlSer.exe -- (apmSAWCtrl)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.28 14:12:23 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 14:12:23 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 00:56:00 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.01.06 13:45:39 | 002,156,968 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2010.07.29 14:16:30 | 000,270,496 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.07.29 14:16:28 | 000,295,072 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.07.29 14:16:28 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.07.29 14:16:28 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.07.29 14:16:28 | 000,051,872 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.07.29 14:16:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.07.29 14:16:28 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.07.29 14:16:26 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.07.15 23:57:34 | 002,350,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.06.25 04:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.06.05 16:27:58 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.21 18:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.05.19 13:33:10 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/01 12:05:24] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl -- ({6E090BD5-4EF5-4bf0-A968-74049E88E935})
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2004.03.10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: imageblock@hemantvats.com:2.1
FF - prefs.js..extensions.enabledItems: ozymandias@securityheroes.com:1.0.2.618
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.21 22:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.21 22:02:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.21 22:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.17 23:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.27 16:43:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.17 23:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2011.01.21 21:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2011.01.21 21:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.28 21:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions
[2011.01.21 14:23:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.06 12:19:58 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.01.19 23:48:01 | 000,000,000 | ---D | M] (ImageBlock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions\imageblock@hemantvats.com
[2011.02.04 14:09:14 | 000,000,000 | ---D | M] (Maximum AdBlock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions\ozymandias@securityheroes.com
[2011.01.19 23:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\ci4o5qai.default\extensions
[2011.07.07 21:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.20 21:26:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.21 14:35:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 01:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.07 21:32:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\FLORIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\94DAQGA8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FLORIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\94DAQGA8.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.06.21 22:21:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011.06.21 22:21:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.21 22:21:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.06.21 22:21:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.21 22:21:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.21 22:21:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.21 22:21:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.24 23:58:45 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\SysWow64\PSDrvCheck.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FileHunter Check for updates] C:\Users\Florian\AppData\Roaming\FileHunter\update.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3472fe9a-2558-11e0-a245-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{3472fe9a-2558-11e0-a245-60eb6983c96e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3472feab-2558-11e0-a245-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{3472feab-2558-11e0-a245-60eb6983c96e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{53f6d1c7-2969-11e0-ae38-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{53f6d1c7-2969-11e0-ae38-60eb6983c96e}\Shell\AutoRun\command - "" = E:\amplayer.exe autorun.dat
O33 - MountPoints2\{53f6d1e5-2969-11e0-ae38-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{53f6d1e5-2969-11e0-ae38-60eb6983c96e}\Shell\AutoRun\command - "" = F:\amplayer.exe autorun.dat
O33 - MountPoints2\{db9b4258-62ca-11e0-9d4f-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{db9b4258-62ca-11e0-9d4f-60eb6983c96e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff230b22-68db-11e0-8981-5cac4c3b7259}\Shell - "" = AutoRun
O33 - MountPoints2\{ff230b22-68db-11e0-8981-5cac4c3b7259}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff230b25-68db-11e0-8981-5cac4c3b7259}\Shell - "" = AutoRun
O33 - MountPoints2\{ff230b25-68db-11e0-8981-5cac4c3b7259}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
         

Alt 29.07.2011, 14:41   #7
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



OTL.txt-log Teil2:
Code:
ATTFilter
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.28 15:11:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes
[2011.07.28 15:11:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.28 15:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.28 15:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.28 15:11:02 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.28 15:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.07.27 17:36:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2011.07.27 03:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011.07.27 02:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.07.26 22:34:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2011.07.26 20:08:32 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\FileHunter
[2011.07.26 01:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
[2011.07.26 01:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\2BrightSparks
[2011.07.26 01:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2011.07.26 01:43:46 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\Nüx
[2011.07.25 19:51:35 | 000,066,048 | ---- | C] (Mddxxjhmz Qidmknjhiya) -- C:\Windows\SysWow64\C_875V.dll
[2011.07.19 02:40:52 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PantsOff
[2011.07.19 02:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PantsOff
[2011.07.19 02:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PantsOff
[2011.07.15 21:02:40 | 000,000,000 | R--D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2011.07.13 14:23:35 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.07.13 14:23:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 14:23:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 14:23:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 14:23:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 14:23:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 14:23:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 14:23:30 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.07.13 14:23:30 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.07.13 14:23:30 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.07.13 14:23:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.07.13 14:23:30 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.07.13 14:23:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.07.13 14:23:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.07.13 14:23:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.07.13 14:23:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.07.13 14:23:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.07.13 14:23:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.07.13 14:23:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.07.08 00:41:57 | 000,000,000 | ---D | C] -- C:\Users\Florian\Documents\Rockstar Games
[2011.07.08 00:39:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.07.08 00:39:13 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Rockstar Games
[2011.07.07 21:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.07.07 21:32:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.07.07 21:32:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.07.07 21:32:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.07.07 21:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA IV Complete Edition
[2011.07.02 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\Neuer Ordner
[2011.07.01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011.06.29 15:09:42 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.06.29 15:09:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.06.29 15:09:40 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011.06.29 15:09:40 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011.06.29 15:09:40 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011.06.29 15:09:40 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011.06.29 15:09:39 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011.06.29 15:09:39 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011.06.29 15:09:39 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011.06.29 15:09:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011.06.29 15:09:39 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011.06.29 15:09:39 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011.06.29 15:09:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011.06.29 15:09:39 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011.06.29 15:09:39 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011.06.29 15:09:39 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.28 20:04:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.28 20:04:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.28 19:57:40 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2011.07.28 19:57:17 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\ADXLZUPF.job
[2011.07.28 19:57:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.28 19:57:06 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.28 15:11:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.27 18:20:14 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.27 18:20:14 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.27 18:20:14 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.27 18:20:14 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.27 18:20:14 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.27 17:36:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2011.07.27 03:16:02 | 001,463,918 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.07.26 01:45:22 | 000,001,249 | ---- | M] () -- C:\Users\Florian\Desktop\EncryptOnClick.lnk
[2011.07.25 19:51:35 | 000,066,048 | ---- | M] (Mddxxjhmz Qidmknjhiya) -- C:\Windows\SysWow64\C_875V.dll
[2011.07.20 03:07:51 | 000,172,405 | ---- | M] () -- C:\Users\Florian\Desktop\caution_sign_w_exclamation.jpg
[2011.07.20 03:07:51 | 000,010,473 | ---- | M] () -- C:\Users\Florian\.recently-used.xbel
[2011.07.20 02:52:04 | 000,024,509 | ---- | M] () -- C:\Users\Florian\Desktop\caution_sign_w_exclamation.png
[2011.07.16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\gmer.exe
[2011.07.14 02:46:20 | 003,074,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.13 18:52:17 | 000,091,388 | ---- | M] () -- C:\Users\Florian\Desktop\KIMA_18_Thomas.jpg
[2011.07.08 14:58:28 | 000,063,292 | ---- | M] () -- C:\Users\Florian\Desktop\hot_crazy.xcf
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.01 21:13:14 | 000,000,947 | ---- | M] () -- C:\Users\Florian\Desktop\Audacity.lnk
[2011.07.01 11:49:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.29 23:06:42 | 000,006,144 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2011.07.28 15:11:05 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.28 14:32:10 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\gmer.exe
[2011.07.27 16:43:46 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.07.27 02:44:31 | 001,463,918 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.07.26 01:45:22 | 000,001,249 | ---- | C] () -- C:\Users\Florian\Desktop\EncryptOnClick.lnk
[2011.07.25 19:51:35 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\ADXLZUPF.job
[2011.07.20 03:07:51 | 000,172,405 | ---- | C] () -- C:\Users\Florian\Desktop\caution_sign_w_exclamation.jpg
[2011.07.20 03:07:51 | 000,010,473 | ---- | C] () -- C:\Users\Florian\.recently-used.xbel
[2011.07.20 02:51:58 | 000,024,509 | ---- | C] () -- C:\Users\Florian\Desktop\caution_sign_w_exclamation.png
[2011.07.13 18:53:31 | 000,091,388 | ---- | C] () -- C:\Users\Florian\Desktop\KIMA_18_Thomas.jpg
[2011.07.07 04:50:28 | 000,063,292 | ---- | C] () -- C:\Users\Florian\Desktop\hot_crazy.xcf
[2011.07.01 21:13:14 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011.07.01 21:13:14 | 000,000,947 | ---- | C] () -- C:\Users\Florian\Desktop\Audacity.lnk
[2011.06.08 03:43:26 | 000,406,016 | ---- | C] () -- C:\Windows\SysWow64\PSDrvCheck.exe
[2011.06.08 03:41:08 | 000,000,063 | ---- | C] () -- C:\Windows\PixieTool.INI
[2011.06.07 22:48:25 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.04.09 16:08:47 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2011.03.23 00:44:00 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2011.03.23 00:44:00 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2011.03.18 17:10:08 | 000,006,144 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.06 15:29:58 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.03.01 19:59:33 | 000,000,173 | ---- | C] () -- C:\Windows\SAWReg.ini
[2011.01.31 23:32:19 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll
[2011.01.27 01:11:52 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.27 01:11:48 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.27 01:11:46 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.01.23 03:19:59 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011.01.21 21:50:40 | 000,007,606 | ---- | C] () -- C:\Users\Florian\AppData\Local\resmon.resmoncfg
[2011.01.19 23:33:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.01 12:38:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.01 12:34:27 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.09.08 10:17:26 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.09.08 10:17:26 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.09.08 10:17:26 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.09.08 10:17:26 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.09.08 10:17:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.09.08 10:17:24 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.08 09:41:35 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004.03.18 08:44:29 | 001,663,068 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll
 
========== LOP Check ==========
 
[2011.06.02 03:22:40 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\.minecraft
[2011.03.01 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\apm
[2011.04.10 00:29:43 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\CadSoft
[2011.01.27 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DAEMON Tools Lite
[2011.03.22 14:19:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\elsterformular
[2011.01.27 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Engelmann Media
[2011.07.26 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FileHunter
[2011.01.20 01:49:26 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FreeArc
[2011.07.20 03:07:51 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0
[2011.04.09 14:46:53 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ibf
[2011.07.28 19:58:19 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ICQ
[2011.06.29 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Liteon
[2011.03.18 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ManyCam
[2011.03.23 04:17:56 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Neuratron
[2011.01.19 23:48:23 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\SecurityHeroes
[2011.04.27 01:35:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Softland
[2011.04.20 00:02:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer
[2011.01.21 21:45:49 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird
[2011.04.17 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\UBNet
[2011.07.28 19:57:17 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\ADXLZUPF.job
[2011.07.25 13:51:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:054B9966
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         

Alt 29.07.2011, 14:42   #8
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



und der Extras.txt-log:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.07.2011 21:33:42 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Florian\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 49,68% Memory free
7,35 Gb Paging File | 5,09 Gb Available in Paging File | 69,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,54 Gb Total Space | 330,09 Gb Free Space | 48,22% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-ACER | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B36047D4-E932-C4B2-0DF2-94C8577468A9}" = ATI Catalyst Install Manager
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DB80D7F6-DFF5-3B08-9CB4-2FD91DB6B0BC}" = ccc-utility64
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"doPDF 7 printer_is1" = doPDF 7.2 printer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D26B11-2DCC-21E9-1CBE-1A84F29C5615}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D3D90-24FC-B4F1-3188-B30DDEDA4930}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26FC7F7F-8CC0-BB65-7BD5-DE6B84397517}" = Catalyst Control Center Graphics Full Existing
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FD186BB-0278-AE1C-5A6A-FEEDA2E628B2}" = CCC Help Korean
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C2060B5-40BB-5BF2-7D8C-5F50A45FE8FF}" = CCC Help Dutch
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4286A2D8-127A-D067-D03E-5B619E4BA39D}" = Catalyst Control Center Graphics Previews Vista
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5271E2B2-880F-5484-8972-D7F89CCEC3EF}" = CCC Help Chinese Standard
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{599ECF38-67E6-3D93-D41D-7D36AF54B5F7}" = Catalyst Control Center Localization All
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6112293F-48E0-40E2-BAE0-69109BDDD58B}" = Sibelius 5
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{66F9F80A-A9F6-FA9B-836A-4DF3AD89157C}" = CCC Help Japanese
"{67B2A8FD-0BF5-A71C-03C3-287AF5894FF6}" = CCC Help Finnish
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A81E096-41E9-2D35-53E1-E45677F14D73}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D079713-D160-DB5E-74C8-36D037F687AD}" = Catalyst Control Center InstallProxy
"{6FD38C99-A371-F491-CB0A-D42DD467640E}" = Catalyst Control Center Core Implementation
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7225AFBA-5C8D-90EB-B768-8B10EC636757}" = ccc-core-static
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B3A7453-BC40-A694-01EE-FCFCA728D882}" = CCC Help Polish
"{7BA3A243-7D3D-844E-B851-CA35D782FF9F}" = CCC Help Turkish
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84F87B60-7726-45EA-A69C-7165D2D89DBA}" = Sibelius Sounds Essentials Update
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D3D44F5-C798-2D03-FC42-A5007C516AE6}" = CCC Help Chinese Traditional
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90C3A9F7-B751-718E-DBA1-4D81F82E9969}" = Catalyst Control Center Graphics Full New
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93DCD69C-49D9-A710-BA7C-90C13DB491D3}" = Catalyst Control Center Graphics Light
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEC152C-A8EB-3048-A758-5136B5E46F49}" = CCC Help Thai
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A0A7E755-8234-8E24-F246-B4A832E0E331}" = CCC Help Czech
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4489FF3-B501-D9AB-7E48-34A092C2F423}" = CCC Help Italian
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A919AABD-61FA-4E16-0000-26966C3D2481}" = GameJack 6
"{AB0EC377-ECAF-7252-C2B7-BAD2FEF6FAC2}" = CCC Help Danish
"{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}" = AKVIS Sketch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B40A2996-D76F-4D2A-D7DF-230B7DD63948}" = CCC Help Swedish
"{B5C44728-55D9-A94E-7951-B8AB8841E3AA}" = CCC Help Hungarian
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BA813C30-43A7-11DF-6784-003D816018BE}" = TamoGraph Site Survey
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54DA176-5E55-EDEE-EEBF-9894DB61B8C1}" = CCC Help Russian
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1079D9F-7778-366C-AA9F-F3AC68EC8141}" = PX Profile Update
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E09D4613-287C-74AB-3FF1-FA8B49BB049C}" = CCC Help German
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ED34C5C7-715F-E278-7646-1152667B228D}" = CCC Help Portuguese
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6549C92-F6A2-78C6-4BEB-26D2966347EE}" = CCC Help Greek
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAC2C91B-0953-94F6-AD56-8088C7AC280E}" = CCC Help Spanish
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"abylonprotectionmanagerschredder_is1" = abylon SHREDDER 6.5
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AiroWizard 1.0 Beta" = AiroWizard 1.0 Beta
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Buchstaben Schablonen 1" = Buchstaben Schablonen 1
"Call of Duty Black Ops_is1" = Call of Duty Black Ops
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Combat Arms EU" = Combat Arms EU
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Setup.divx.com" = DivX-Setup
"EAGLE 5.11.0" = EAGLE 5.11.0
"ELECTRA_is1" = ELECTRA 2.4
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"EncryptOnClick_is1" = EncryptOnClick
"FreeArc" = FreeArc 0.666
"Grand Theft Auto" = Grand Theft Auto
"Hollywood FX" = Pinnacle Hollywood FX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"ManyCam" = ManyCam 2.5.48 (remove only)
"Maple 9.5" = Maple 9.5
"MinecraftCrack1.0" = MinecraftCrack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"Neuratron PhotoScore Lite (D)" = Neuratron PhotoScore Lite (D)
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.142
"RealPlayer 12.0" = RealPlayer
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Steam App 10" = Counter-Strike
"Target 3001! V14 conrad" = Target 3001! V14 conrad
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileHunter" = FileHunter
"UBNet" = UBNet
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.07.2011 16:14:25 | Computer Name = LAPTOP-ACER | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 09.07.2011 10:04:11 | Computer Name = LAPTOP-ACER | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.07.2011 10:06:03 | Computer Name = LAPTOP-ACER | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 09.07.2011 18:34:46 | Computer Name = LAPTOP-ACER | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1051,
 Zeitstempel: 0x4bcee2f2  Name des fehlerhaften Moduls: atiadlxx.dll, Version: 6.14.10.1054,
 Zeitstempel: 0x4bced60a  Ausnahmecode: 0xc000041d  Fehleroffset: 0x000000000001e8d8
ID
 des fehlerhaften Prozesses: 0x4a0  Startzeit der fehlerhaften Anwendung: 0x01cc3e38b8443d75
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\atiadlxx.dll  Berichtskennung: a558ff13-aa7b-11e0-aedb-5cac4c3b7259
 
Error - 09.07.2011 19:37:49 | Computer Name = LAPTOP-ACER | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.07.2011 19:39:48 | Computer Name = LAPTOP-ACER | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 10.07.2011 13:06:10 | Computer Name = LAPTOP-ACER | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.5.0.5255 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1308    Startzeit:
 01cc3f23728a6400    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\ICQ7.5\ICQ.exe

Berichts-ID:
 e206e89e-ab16-11e0-9865-5cac4c3b7259  
 
Error - 10.07.2011 13:08:30 | Computer Name = LAPTOP-ACER | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 5.0.0.4183 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b2c    Startzeit: 
01cc3f23cf24da6a    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 3a9f3e02-ab17-11e0-9865-5cac4c3b7259  
 
Error - 10.07.2011 18:41:10 | Computer Name = LAPTOP-ACER | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.07.2011 18:43:08 | Computer Name = LAPTOP-ACER | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 28.07.2011 10:24:29 | Computer Name = LAPTOP-ACER | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\pclepci.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.07.2011 10:24:32 | Computer Name = LAPTOP-ACER | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\ASAPIW2k.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.07.2011 10:24:35 | Computer Name = LAPTOP-ACER | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\ASAPIW2k.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.07.2011 10:24:35 | Computer Name = LAPTOP-ACER | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\ASAPIW2k.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.07.2011 10:24:51 | Computer Name = LAPTOP-ACER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCLEPCI
 
Error - 28.07.2011 13:57:04 | Computer Name = LAPTOP-ACER | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\pclepci.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.07.2011 13:57:05 | Computer Name = LAPTOP-ACER | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\ASAPIW2k.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.07.2011 13:57:07 | Computer Name = LAPTOP-ACER | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\ASAPIW2k.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.07.2011 13:57:07 | Computer Name = LAPTOP-ACER | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\ASAPIW2k.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.07.2011 13:57:23 | Computer Name = LAPTOP-ACER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCLEPCI
 
 
< End of report >
         
--- --- ---


Die Programmliste aus dem CCleaner folgt... !

Alt 29.07.2011, 14:43   #9
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



Doppelpost...

Geändert von flo199213 (29.07.2011 um 15:10 Uhr)

Alt 29.07.2011, 14:44   #10
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



Doppelpost...

Geändert von flo199213 (29.07.2011 um 15:10 Uhr)

Alt 29.07.2011, 14:51   #11
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



4. Punkt - die Softwareliste vom CCleaner
Code:
ATTFilter
abylon SHREDDER 6.5	abylonsoft	28.02.2011		6.5
Acer Arcade Deluxe	CyberLink Corp.	31.10.2010	92,0MB	4.0.8012
Acer Backup Manager	NewTech Infosystems	07.09.2010	27,5MB	2.0.0.68
Acer Crystal Eye webcam	Liteon	31.10.2010	3,26MB	1.0.4.3
Acer eRecovery Management	Acer Incorporated	07.09.2010		4.05.3013
Acer GameZone Console	Oberon Media, Inc.	07.09.2010	31,0MB	6.1.0.9
Acer PowerSmart Manager	Acer Incorporated	31.10.2010		5.01.3003
Acer Registration	Acer Incorporated	31.10.2010		1.03.3003
Acer ScreenSaver	Acer Incorporated	31.10.2010		1.1.0804.2010
Acer Updater	Acer Incorporated	07.09.2010		1.02.3001
Acrobat.com	Adobe Systems Incorporated	07.09.2010	1,61MB	1.6.65
Adobe AIR	Adobe Systems Inc.	07.09.2010		1.5.0.7220
Adobe Anchor Service x64 CS4		07.09.2010		
Adobe CMaps x64 CS4		07.09.2010		
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen	Adobe Systems Incorporated	23.01.2011		1.0
Adobe CSI CS4 x64		07.09.2010		
Adobe Drive CS4 x64		07.09.2010		
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	10.05.2011	6,00MB	10.2.159.1
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	30.06.2011	6,00MB	10.3.181.26
Adobe Fonts All x64		07.09.2010		
Adobe Linguistics CS4 x64		07.09.2010		
Adobe PDF Library Files x64 CS4		07.09.2010		
Adobe Photoshop CS4	Adobe Systems Incorporated	24.01.2011	2.096MB	11.0
Adobe Photoshop CS4 (64 Bit)		07.09.2010		
Adobe Reader 9.4.5 MUI	Adobe Systems Incorporated	16.06.2011	692MB	9.4.5
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	12.06.2011		11.5.9.620
Adobe Type Support x64 CS4		07.09.2010		
Adobe WinSoft Linguistics Plugin x64		07.09.2010		
AiroWizard 1.0 Beta		08.05.2011		
Airport Mania First Flight	Oberon Media	31.10.2010		
AKVIS Sketch	AKVIS	26.06.2011	32,8MB	12.5.2265.7774
Alcor Micro USB Card Reader	Alcor Micro Corp.	07.09.2010	2,88MB	1.3.17.05006
Amazonia	Oberon Media	31.10.2010		
Apple Application Support	Apple Inc.	24.01.2011	52,8MB	1.4.1
Apple Software Update	Apple Inc.	24.01.2011	2,16MB	2.1.1.116
Ask Toolbar	Ask.com	23.03.2011	2,83MB	1.11.3.0
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	07.09.2010		1.0.0.33
ATI Catalyst Install Manager	ATI Technologies, Inc.	31.10.2010	22,1MB	3.0.765.0
Audacity 1.2.6		30.06.2011		
Avira AntiVir Personal - Free Antivirus	Avira GmbH	01.07.2011	76,9MB	10.2.0.696
Biet-O-Matic v2.14.8	BOM Development Team	05.03.2011		Biet-O-Matic v2.14.8
Bluetooth Win7 Suite (64)	Atheros Communications	31.10.2010	35,4MB	7.02.000.6
Buchstaben Schablonen 1		06.06.2011		
Cake Mania	Oberon Media	31.10.2010		
Call of Duty Black Ops	Activision Blizzard	24.01.2011		1.0
Call of Duty Modern Warfare 2	Activision	26.01.2011		
Call of Duty(R) 4 - Modern Warfare(TM)	Activision	26.01.2011	2.283MB	1.00.0000
Camtasia Studio 7	TechSmith Corporation	08.02.2011	142,1MB	7.0.1
CCleaner	Piriform	24.01.2011		3.00
Combat Arms EU		20.01.2011		
CommView for WiFi	TamoSoft	08.05.2011		6.3
Company of Heroes	THQ Inc.	20.01.2011		2.201.0
Counter-Strike	Valve	19.01.2011		
DAEMON Tools Lite	DT Soft Ltd	26.01.2011		4.40.2.0131
DivX-Setup	DivX, LLC	20.02.2011		2.3.1.2
doPDF 7.2 printer	Softland	26.04.2011	13,6MB	
Dream Day First Home	Oberon Media	31.10.2010		
EAGLE 5.11.0	CadSoft Computer GmbH	09.04.2011		5.11.0
eBay Worldwide	OEM	18.01.2011	100,00KB	2.1.0901
ELECTRA 2.4	KONEKT	08.04.2011		
ElsterFormular für Privatanwender	Landesfinanzdirektion Thüringen	20.03.2011		12.1.1.6214p
EncryptOnClick	2BrightSparks	25.07.2011	3,22MB	
EPSON-Drucker-Software	SEIKO EPSON Corporation	07.02.2011		
eSobi v2	esobi Inc.	07.09.2010	20,4MB	2.0.4.000274
Far Cry	Nombre de su organización	26.01.2011	3.115MB	1.00.0000
Farm Frenzy 2	Oberon Media	31.10.2010		
FileHunter		25.07.2011		
FreeArc 0.666	Bulat Ziganshin	19.01.2011		0.666
Galapago	Oberon Media	31.10.2010		
GameJack 6	S.A.D.	25.01.2011	19,2MB	6.0.0.921
GIMP 2.6.8		19.02.2011		
GmoteServer	Gmote.org	20.02.2011		2.0.2
Grand Theft Auto		07.05.2011		
GTA2		07.05.2011		1.00.001
Heroes of Hellas	Oberon Media	31.10.2010		
ICQ7.5	ICQ	10.06.2011		7.5
Identity Card	Acer Incorporated	31.10.2010		1.00.3003
Intel(R) Management Engine Components	Intel Corporation	01.11.2010		6.0.0.1179
Intel(R) Rapid Storage Technology	Intel Corporation	27.07.2011		9.6.0.1014
Intel(R) Turbo Boost Technology Driver	Intel Corporation	01.11.2010		01.01.01.1007
IsoBuster 2.8.5	Smart Projects	25.01.2011	10,7MB	2.8.5
Java(TM) 6 Update 26	Oracle	19.01.2011	95,0MB	6.0.260
JDownloader	AppWork UG (haftungsbeschränkt)	19.01.2011		
Launch Manager	Acer Inc.	31.10.2010		4.0.14
LogMeIn Hamachi	LogMeIn, Inc.	19.01.2011		2.0.3.89
Malwarebytes' Anti-Malware Version 1.51.1.1800	Malwarebytes Corporation	27.07.2011	13,4MB	1.51.1.1800
ManyCam 2.5.48 (remove only)	ManyCam LLC	17.03.2011		2.5.48
Maple 9.5	Maplesoft	30.01.2011		1.0.0.0
Merriam Websters Spell Jam	Oberon Media	31.10.2010		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	21.01.2011	38,8MB	4.0.30319
Microsoft Office Home and Student 2007	Microsoft Corporation	02.03.2011		12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	16.06.2011	120,1MB	4.0.60531.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	31.10.2010	1,72MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	28.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	26.07.2011	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	26.07.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	20.03.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	07.09.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	19.01.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,59MB	9.0.30729.6161
Mobile Partner	Huawei Technologies Co.,Ltd	20.01.2011		11.302.06.07.40
Mozilla Firefox 5.0 (x86 de)	Mozilla	20.06.2011	55,4MB	5.0
Mozilla Thunderbird (5.0)	Mozilla	26.07.2011		5.0 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	21.01.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	21.01.2011	1,33MB	4.20.9876.0
MyWinLocker Suite	Egis Technology Inc.	07.09.2010	2,20MB	3.1.212.0
Neuratron PhotoScore Lite (D)	Neuratron Limited	22.03.2011		5.1.0
Norton Online Backup	Symantec Corporation	07.09.2010	6,20MB	2.1.17869
NTI Backup Now 5	NewTech Infosystems	07.09.2010	467MB	5.1.2.630
NTI Media Maker 8	NewTech Infosystems	07.09.2010	773MB	8.0.12.6636
PantsOff 2.0	Christoph Bünger Software	18.07.2011		2.0
Photoshop Camera Raw_x64		07.09.2010		
Pinnacle Hollywood FX		07.06.2011		
Poker Pop	Oberon Media	31.10.2010		
QuickTime	Apple Inc.	24.01.2011	73,7MB	7.69.80.9		
RealPlayer	RealNetworks	27.05.2011		
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	31.10.2010		6.0.1.6050
Recovery Toolbox for RAR 1.1	Recovery Toolbox, Inc.	26.01.2011		
Sibelius 5	Sibelius Software	22.03.2011	402MB	5.2.0
Sibelius Scorch (Firefox, Opera, Netscape only)	Sibelius Software	17.05.2011	39,3MB	6.2.0
Skype™ 5.3	Skype Technologies S.A.	25.06.2011	16,6MB	5.3.120
Spin & Win	Oberon Media	31.10.2010		
Steam	Valve Corporation	18.01.2011	42,3MB	1.0.0.0
Studio 9	Pinnacle Systems	07.06.2011		9.1
Synaptics Pointing Device Driver	Synaptics Incorporated	07.09.2010		15.0.12.0
TamoGraph Site Survey	TamoSoft	09.05.2011		2.00.000
Target 3001! V14 conrad	Ing. Buero FRIEDRICH	08.04.2011		
TmNationsForever	Nadeo	25.01.2011		
UBNet		15.04.2011		
Unreal Anthology	Epic Games, Inc.	28.01.2011		1.00.0000
VirtualCloneDrive	Elaborate Bytes	26.01.2011		
VLC media player 1.1.5	VideoLAN	18.01.2011		1.1.5
Welcome Center	Acer Incorporated	31.10.2010		1.02.3004
Windows Live Anmelde-Assistent	Microsoft Corporation	31.10.2010	1,94MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	31.10.2010		14.0.8117.0416
Windows Live Sync	Microsoft Corporation	31.10.2010	2,79MB	14.0.8117.416
Windows Live-Uploadtool	Microsoft Corporation	31.10.2010	0,22MB	14.0.8014.1029
WinRAR		18.01.2011		
Überwachungstool für die Intel® Turbo-Boost-Technik	Intel	31.10.2010	1,13MB	1.0.186.6
         
hoffentlich ist noch was zu retten ... :-(

Grüße Florian

Alt 30.07.2011, 09:14   #12
kira
/// Helfer-Team
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



1.
Deinstalliere unter `Start→ Systemsteuereung→ Ändern/Entfernen...`
Code:
ATTFilter
Ask Toolbar - Adware -Toolbar
         
Bestandteile der Standardinstallation vieler Freeware-Programme und teilweise sogar von kostenpflichtigen Programmen. Daher:
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

in diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars deinstallieren

2.
Ich würde das Tool nur mit vorsicht genießen!:
Zitat:
FileHunter
Solche Art von Software kann im schlimmsten Fall das ganze System beschädigen (Datei fehlt oder beschädigt). In diesem Bereich gehören noch diverse Registry-Reinigungstool und Optimierungsprogramme auch!

3.
Hast du es denn in der Hosts selbst eingetragen bzw absichtlich zugefügt? Wenn ja, warum?
Code:
ATTFilter
O1 - Hosts: 127.0.0.1 activate.adobe.com
         
alle Anwendungen aus der Adobe Produktfamilie legal erworben?

4.
Die folgende Aufgabe im Task sagt mir nichts:
Code:
ATTFilter
C:\Windows\tasks\ADXLZUPF.job
         
Falls Du (auch) nicht kennst, kannst herauslöschen

5.
sagt mir auch nichts, Dir bekannt?:
Zitat:
C:\Users\Florian\Desktop\hot_crazy.xcf
6.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
[2011.06.21 22:21:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.06.21 22:21:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3472fe9a-2558-11e0-a245-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{3472fe9a-2558-11e0-a245-60eb6983c96e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3472feab-2558-11e0-a245-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{3472feab-2558-11e0-a245-60eb6983c96e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{53f6d1c7-2969-11e0-ae38-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{53f6d1c7-2969-11e0-ae38-60eb6983c96e}\Shell\AutoRun\command - "" = E:\amplayer.exe autorun.dat
O33 - MountPoints2\{53f6d1e5-2969-11e0-ae38-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{53f6d1e5-2969-11e0-ae38-60eb6983c96e}\Shell\AutoRun\command - "" = F:\amplayer.exe autorun.dat
O33 - MountPoints2\{db9b4258-62ca-11e0-9d4f-60eb6983c96e}\Shell - "" = AutoRun
O33 - MountPoints2\{db9b4258-62ca-11e0-9d4f-60eb6983c96e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff230b22-68db-11e0-8981-5cac4c3b7259}\Shell - "" = AutoRun
O33 - MountPoints2\{ff230b22-68db-11e0-8981-5cac4c3b7259}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff230b25-68db-11e0-8981-5cac4c3b7259}\Shell - "" = AutoRun
O33 - MountPoints2\{ff230b25-68db-11e0-8981-5cac4c3b7259}\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:054B9966
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

7.
Empfehlungen/Vorschläge:
Wie lange dauert die Startvorgang? Wenn du auf der Stelle ein schnelleres System haben möchtest:
- Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben
- Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.
"Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK"
- Bei allem Häkchen weg was nicht starten soll, aber immer nur einen deaktivieren (Haken weg), also Schrittweise -> Neustart...
- Wird noch nach dem nächsten Neustart ein Hinweisfenster erscheinen, da ist ein Haken setzen : `Meldung nicht mehr anzeigen und dieses Programm beim Windows-Star nicht mehr starten`
(Du kannst es jederzeit Rückgängig machen wenn du den Haken wieder reinmachst.)
- Falls Du mal brauchst, manueller Start jederzeit möglich
- Autostart-Einträge die Du nicht findest, kannst mit HJT fixen - Unter 04_Sektion - (*HijackThis Tutorial in German*):
Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
Code:
ATTFilter
Du solltest nicht deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound
         
Da es ist immer Benutzerspezifisch, ein allgemein gültiges Rezept gibt es nicht, finde über Google die Grundfunktionen der einzelnen Programme heraus!
Gleich ein paar Vorschläge:
Code:
ATTFilter
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\SysWow64\PSDrvCheck.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FileHunter Check for updates] C:\Users\Florian\AppData\Roaming\FileHunter\update.exe ()
         
8.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
► Berichte mir kurz über alle Umsetzungsschritte, die Du erledigt hast!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 30.07.2011, 15:24   #13
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



1. Ask Toolbar deinstalliert.

2. FileHunter deinstalliert (die Anwendungsdatei selbst wurde sowieso schon von Malwarebytes entfernt aufgrund von Adware)

3. Ich meine mich zu erinnern, dass ich mal mit der Hotline von Adobe zusammen etwas derartiges unternommen habe. Problem war, dass die Aktivierung von CS4 nicht funktionierte..
Besteht denn irgendwie die Möglichkeit den Eintrag wieder zu entfernen oder stört der Eintrag in der Hosts nicht weiter?
Die Software wird von mir nicht mehr verwendet und bedarf somit auch keiner Funktionsfähigkeit - würde eine einfache Deinstallation von Photoshop CS4 ausreichen ?

4. Der Task ADXLZUPF.job ist nicht mehr im Task-Ordner zu finden ?!

5. .xcf Dateien sind Dateien vom Bildbearbeitungsprogramm "Gimp" - diese wurde von mir selbst erstellt.

6.
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3472fe9a-2558-11e0-a245-60eb6983c96e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3472fe9a-2558-11e0-a245-60eb6983c96e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3472fe9a-2558-11e0-a245-60eb6983c96e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3472fe9a-2558-11e0-a245-60eb6983c96e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3472feab-2558-11e0-a245-60eb6983c96e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3472feab-2558-11e0-a245-60eb6983c96e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3472feab-2558-11e0-a245-60eb6983c96e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3472feab-2558-11e0-a245-60eb6983c96e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53f6d1c7-2969-11e0-ae38-60eb6983c96e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53f6d1c7-2969-11e0-ae38-60eb6983c96e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53f6d1c7-2969-11e0-ae38-60eb6983c96e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53f6d1c7-2969-11e0-ae38-60eb6983c96e}\ not found.
File E:\amplayer.exe autorun.dat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53f6d1e5-2969-11e0-ae38-60eb6983c96e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53f6d1e5-2969-11e0-ae38-60eb6983c96e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53f6d1e5-2969-11e0-ae38-60eb6983c96e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53f6d1e5-2969-11e0-ae38-60eb6983c96e}\ not found.
File F:\amplayer.exe autorun.dat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db9b4258-62ca-11e0-9d4f-60eb6983c96e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db9b4258-62ca-11e0-9d4f-60eb6983c96e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db9b4258-62ca-11e0-9d4f-60eb6983c96e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db9b4258-62ca-11e0-9d4f-60eb6983c96e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff230b22-68db-11e0-8981-5cac4c3b7259}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff230b22-68db-11e0-8981-5cac4c3b7259}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff230b22-68db-11e0-8981-5cac4c3b7259}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff230b22-68db-11e0-8981-5cac4c3b7259}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff230b25-68db-11e0-8981-5cac4c3b7259}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff230b25-68db-11e0-8981-5cac4c3b7259}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff230b25-68db-11e0-8981-5cac4c3b7259}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff230b25-68db-11e0-8981-5cac4c3b7259}\ not found.
File G:\AutoRun.exe not found.
ADS C:\ProgramData\Temp:054B9966 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Florian
->Temp folder emptied: 2016755715 bytes
->Temporary Internet Files folder emptied: 929949679 bytes
->Java cache emptied: 867586 bytes
->FireFox cache emptied: 601108374 bytes
->Flash cache emptied: 108863 bytes
 
User: Freunde
->Temp folder emptied: 34299 bytes
->Temporary Internet Files folder emptied: 62861 bytes
->Flash cache emptied: 75 bytes
 
User: Owner
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1155510707 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 715847 bytes
 
Total Files Cleaned = 4.487,00 mb
 
 
OTL by OldTimer - Version 3.2.26.1 log created on 07302011_145858

Files\Folders moved on Reboot...
C:\Users\Florian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 30.07.2011, 16:21   #14
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



7. Ein bisschen aufgeräumt im Autostart...
Code:
ATTFilter
Nein	HKCU:Run	DAEMON Tools Lite	"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Ja	HKLM:Run	Adobe Reader Speed Launcher	"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Ja	HKLM:Run	BackupManagerTray	"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
Ja	HKLM:Run	StartCCC	"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Ja	HKLM:Run	Adobe ARM	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja	HKLM:Run	avgnt	"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Ja	HKLM:Run	LogMeIn Hamachi Ui	"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Ja	HKLM:Run	SunJavaUpdateSched	"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Ja	HKLM:Run	Malwarebytes' Anti-Malware	"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Nein	HKLM:Run	SuiteTray	"C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
Ja	HKLM:Run	RtHDVCpl	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Ja	HKLM:Run	RtHDVBg	C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
Ja	HKLM:Run	AmIcoSinglun64	C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
Ja	HKLM:Run	SynTPEnh	%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja	HKLM:Run	IgfxTray	C:\Windows\system32\igfxtray.exe
Ja	HKLM:Run	HotKeysCmds	C:\Windows\system32\hkcmd.exe
Ja	HKLM:Run	Persistence	C:\Windows\system32\igfxpers.exe
Ja	HKLM:Run	AtherosBtStack	"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Ja	HKLM:Run	AthBtTray	"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
Ja	HKLM:Run	Acer ePower Management	C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
Nein	HKLM:Run	AdobeCS4ServiceManager	"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
Nein	HKLM:Run	ArcadeMovieService	"C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
Nein	HKLM:Run	DivXUpdate	"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Nein	HKLM:Run	EgisTecPMMUpdate	"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
Nein	HKLM:Run	EgisUpdate	"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
Nein	HKLM:Run	LManager	C:\Program Files (x86)\Launch Manager\LManager.exe
Nein	HKLM:Run	MDS_Menu	"C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
Nein	HKLM:Run	mwlDaemon	C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
Nein	HKLM:Run	PinnacleDriverCheck	C:\Windows\system32\PSDrvCheck.exe -CheckReg
Nein	HKLM:Run	QuickTime Task	"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Nein	HKLM:Run	TkBellExe	"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
Nein	HKLM:Run	VirtualCloneDrive	"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
         
8. erneuter Scan:

Alt 30.07.2011, 16:41   #15
flo199213
 
Google Redirect Virus entfernen - WIE ? - Standard

Google Redirect Virus entfernen - WIE ?



OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.07.2011 16:22:59 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Florian\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 50,11% Memory free
7,35 Gb Paging File | 5,21 Gb Available in Paging File | 70,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,54 Gb Total Space | 332,96 Gb Free Space | 48,64% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,84 Gb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: LAPTOP-ACER | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.27 17:36:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.28 14:12:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.21 22:21:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.05.01 01:03:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.27 01:18:10 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.06 09:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.07.01 06:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.07.01 06:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2007.03.23 13:49:52 | 000,213,584 | ---- | M] (abylonsoft - Dr. Thomas Klabunde GbR) -- C:\Program Files (x86)\abylonsoft\SAWipe\SAWCtrlSer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.27 17:36:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.25 19:23:31 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 14:12:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 01:03:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.27 01:18:10 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.01.25 19:24:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.20 00:29:07 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.06 09:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.07.29 14:16:12 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.07.01 06:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.07.01 06:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.15 12:51:56 | 000,822,304 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.23 13:49:52 | 000,213,584 | ---- | M] (abylonsoft - Dr. Thomas Klabunde GbR) [Auto | Running] -- C:\Program Files (x86)\abylonsoft\SAWipe\SAWCtrlSer.exe -- (apmSAWCtrl)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.28 14:12:23 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 14:12:23 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 00:56:00 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.01.06 13:45:39 | 002,156,968 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2010.07.29 14:16:30 | 000,270,496 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.07.29 14:16:28 | 000,295,072 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.07.29 14:16:28 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.07.29 14:16:28 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.07.29 14:16:28 | 000,051,872 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.07.29 14:16:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.07.29 14:16:28 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.07.29 14:16:26 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.07.15 23:57:34 | 002,350,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.06.25 04:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.06.05 16:27:58 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.21 18:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.05.19 13:33:10 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/01 12:05:24] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl -- ({6E090BD5-4EF5-4bf0-A968-74049E88E935})
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2004.03.10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: imageblock@hemantvats.com:2.1
FF - prefs.js..extensions.enabledItems: ozymandias@securityheroes.com:1.0.2.618
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.21 22:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.21 22:02:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.21 22:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.17 23:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.27 16:43:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.17 23:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2011.01.21 21:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2011.01.21 21:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.28 21:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions
[2011.01.21 14:23:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.06 12:19:58 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.01.19 23:48:01 | 000,000,000 | ---D | M] (ImageBlock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions\imageblock@hemantvats.com
[2011.02.04 14:09:14 | 000,000,000 | ---D | M] (Maximum AdBlock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\94daqga8.default\extensions\ozymandias@securityheroes.com
[2011.01.19 23:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\ci4o5qai.default\extensions
[2011.07.07 21:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.20 21:26:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.21 14:35:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 01:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.07 21:32:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\FLORIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\94DAQGA8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FLORIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\94DAQGA8.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.06.21 22:21:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011.06.21 22:21:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.21 22:21:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.21 22:21:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.21 22:21:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2011.01.24 23:58:45 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.30 14:58:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.28 15:11:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes
[2011.07.28 15:11:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.28 15:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.28 15:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.28 15:11:02 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.28 15:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.07.27 17:36:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2011.07.27 03:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011.07.27 02:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.07.26 22:34:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2011.07.26 20:08:32 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\FileHunter
[2011.07.26 01:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
[2011.07.26 01:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\2BrightSparks
[2011.07.26 01:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2011.07.26 01:43:46 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\Nüx
[2011.07.25 19:51:35 | 000,066,048 | ---- | C] (Mddxxjhmz Qidmknjhiya) -- C:\Windows\SysWow64\C_875V.dll
[2011.07.19 02:40:52 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PantsOff
[2011.07.19 02:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PantsOff
[2011.07.19 02:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PantsOff
[2011.07.15 21:02:40 | 000,000,000 | R--D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2011.07.13 14:23:35 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.07.13 14:23:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 14:23:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 14:23:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 14:23:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 14:23:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 14:23:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 14:23:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 14:23:30 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.07.13 14:23:30 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.07.13 14:23:30 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.07.13 14:23:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.07.13 14:23:30 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.07.13 14:23:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.07.13 14:23:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.07.13 14:23:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.07.13 14:23:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.07.13 14:23:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.07.13 14:23:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.07.13 14:23:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.07.08 00:41:57 | 000,000,000 | ---D | C] -- C:\Users\Florian\Documents\Rockstar Games
[2011.07.08 00:39:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.07.08 00:39:13 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Rockstar Games
[2011.07.07 21:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.07.07 21:32:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.07.07 21:32:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.07.07 21:32:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.07.07 21:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA IV Complete Edition
[2011.07.02 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\Neuer Ordner
[2011.07.01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.30 16:21:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.30 16:21:22 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.30 16:21:22 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.30 16:21:22 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.30 16:21:22 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.30 15:45:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 15:45:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 15:38:46 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2011.07.30 15:38:12 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\ADXLZUPF.job
[2011.07.30 15:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.30 15:37:58 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.28 15:11:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.27 17:36:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2011.07.27 03:16:02 | 001,463,918 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.07.26 01:45:22 | 000,001,249 | ---- | M] () -- C:\Users\Florian\Desktop\EncryptOnClick.lnk
[2011.07.25 19:51:35 | 000,066,048 | ---- | M] (Mddxxjhmz Qidmknjhiya) -- C:\Windows\SysWow64\C_875V.dll
[2011.07.20 03:07:51 | 000,172,405 | ---- | M] () -- C:\Users\Florian\Desktop\caution_sign_w_exclamation.jpg
[2011.07.20 03:07:51 | 000,010,473 | ---- | M] () -- C:\Users\Florian\.recently-used.xbel
[2011.07.20 02:52:04 | 000,024,509 | ---- | M] () -- C:\Users\Florian\Desktop\caution_sign_w_exclamation.png
[2011.07.16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\gmer.exe
[2011.07.14 02:46:20 | 003,074,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.01 21:13:14 | 000,000,947 | ---- | M] () -- C:\Users\Florian\Desktop\Audacity.lnk
[2011.07.01 11:49:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011.07.28 15:11:05 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.28 14:32:10 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\gmer.exe
[2011.07.27 16:43:46 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.07.27 02:44:31 | 001,463,918 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.07.26 01:45:22 | 000,001,249 | ---- | C] () -- C:\Users\Florian\Desktop\EncryptOnClick.lnk
[2011.07.25 19:51:35 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\ADXLZUPF.job
[2011.07.20 03:07:51 | 000,172,405 | ---- | C] () -- C:\Users\Florian\Desktop\caution_sign_w_exclamation.jpg
[2011.07.20 03:07:51 | 000,010,473 | ---- | C] () -- C:\Users\Florian\.recently-used.xbel
[2011.07.20 02:51:58 | 000,024,509 | ---- | C] () -- C:\Users\Florian\Desktop\caution_sign_w_exclamation.png
[2011.07.01 21:13:14 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011.07.01 21:13:14 | 000,000,947 | ---- | C] () -- C:\Users\Florian\Desktop\Audacity.lnk
[2011.06.08 03:43:26 | 000,406,016 | ---- | C] () -- C:\Windows\SysWow64\PSDrvCheck.exe
[2011.06.08 03:41:08 | 000,000,063 | ---- | C] () -- C:\Windows\PixieTool.INI
[2011.06.07 22:48:25 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.04.09 16:08:47 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2011.03.23 00:44:00 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2011.03.23 00:44:00 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2011.03.18 17:10:08 | 000,006,144 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.06 15:29:58 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.03.01 19:59:33 | 000,000,173 | ---- | C] () -- C:\Windows\SAWReg.ini
[2011.01.31 23:32:19 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll
[2011.01.27 01:11:52 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.27 01:11:48 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.27 01:11:46 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.01.23 03:19:59 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011.01.21 21:50:40 | 000,007,606 | ---- | C] () -- C:\Users\Florian\AppData\Local\resmon.resmoncfg
[2011.01.19 23:33:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.01 12:38:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.01 12:34:27 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.09.08 10:17:26 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.09.08 10:17:26 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.09.08 10:17:26 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.09.08 10:17:26 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.09.08 10:17:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.09.08 10:17:24 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.08 09:41:35 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004.03.18 08:44:29 | 001,663,068 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll
 
========== LOP Check ==========
 
[2011.06.02 03:22:40 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\.minecraft
[2011.03.01 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\apm
[2011.04.10 00:29:43 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\CadSoft
[2011.01.27 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DAEMON Tools Lite
[2011.03.22 14:19:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\elsterformular
[2011.01.27 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Engelmann Media
[2011.07.30 14:45:59 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FileHunter
[2011.01.20 01:49:26 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FreeArc
[2011.07.20 03:07:51 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0
[2011.04.09 14:46:53 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ibf
[2011.07.30 14:18:53 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ICQ
[2011.06.29 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Liteon
[2011.03.18 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ManyCam
[2011.03.23 04:17:56 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Neuratron
[2011.01.19 23:48:23 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\SecurityHeroes
[2011.04.27 01:35:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Softland
[2011.04.20 00:02:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer
[2011.01.21 21:45:49 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird
[2011.04.17 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\UBNet
[2011.07.30 15:38:12 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\ADXLZUPF.job
[2011.07.25 13:51:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Antwort

Themen zu Google Redirect Virus entfernen - WIE ?
adware.bho, analyse, combofix, community, entfernen, entfernt, experten, google redircet virus goingonearth . com, google redirect, google redirect virus, hijack.zones, pup.pswfinder, redirect, redirect virus entfernen, spyware.onlinegames, ständige, trojan.downloader, trojan.fakealert, trojan.fakealert.sa, trojan.fraudpack, verschiedene, verschiedenen, virus entfernen, weiterleitung, werbefenster



Ähnliche Themen: Google Redirect Virus entfernen - WIE ?


  1. Google Redirect Virus entfernen bei Windows 8
    Log-Analyse und Auswertung - 07.06.2015 (5)
  2. Google Redirect Virus lässt sich nicht aus dem Netzwerk entfernen und plötzlicher Bluescreen
    Log-Analyse und Auswertung - 06.01.2014 (16)
  3. Google Redirect Virus entfernen
    Log-Analyse und Auswertung - 19.12.2013 (15)
  4. Google redirect Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.06.2013 (9)
  5. google redirect virus
    Log-Analyse und Auswertung - 11.01.2013 (6)
  6. Google Redirect Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (17)
  7. Google Redirect Virus bzw. Google Hijack + PC Langsam
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (2)
  8. Google redirect Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  9. Google redirect virus entfernen
    Log-Analyse und Auswertung - 01.06.2012 (1)
  10. Google Redirect Virus entfernen!
    Log-Analyse und Auswertung - 06.04.2012 (17)
  11. Google Redirect Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (25)
  12. Google Redirect Virus entfernen?
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (19)
  13. Google Redirect Virus entfernen!
    Plagegeister aller Art und deren Bekämpfung - 21.02.2012 (23)
  14. "Google Redirect Virus" - Wie wieder entfernen?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2011 (38)
  15. Google Redirect Virus entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 08.07.2011 (7)
  16. Google Redirect Virus "goingonearth" - wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (25)
  17. Google Redirect Virus entfernen?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2011 (15)

Zum Thema Google Redirect Virus entfernen - WIE ? - Hey liebe Community, ich habe die schon bekannten Probleme mit dem Google Redirect Virus "goingonearth.com". Die Aufgehenden Werbefenster habe ich bereits mit einem Antivirusprogramm behoben - allerdings bleibt die ständige - Google Redirect Virus entfernen - WIE ?...
Archiv
Du betrachtest: Google Redirect Virus entfernen - WIE ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.