Trojaner? Der Computer ist für die Verletzung der Gesetze der Bundesrepublik wurde blokiert

Carl89

Hallo,
auch ich habe diesen Trojaner mit der Überschrift " Der Computer ist für die Verletzung der Gesetze der Bundesrepublik wurde blokiert". Leider habe ich auf diesem Laptop wirklich wichtige Dateien z.B. aus meinem Studium gespeichert, deswegen wäre ich euch unglaublich dankbar, wenn ihr mir bei der Beseitigung des Trojaners Helfen könntet. Ich habe bereits einen Scan von Malwarebytes und Olt durchgeführt. Hier sind die zugehörigen Logfiles:

Malewarbytes:


Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Carl :: CARL-PC [Administrator]

Schutz: Deaktiviert

22.07.2012 17:44:40
mbam-log-2012-07-22 (17-44-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405996
Laufzeit: 56 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)


Jetzt der Logfile von OLT:


OTL logfile created on: 22.07.2012 18:43:33 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Carl\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,02% Memory free
7,50 Gb Paging File | 6,91 Gb Available in Paging File | 92,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,27 Gb Total Space | 45,73 Gb Free Space | 16,20% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 7,84 Gb Free Space | 49,62% Space Free | Partition Type: FAT32
Drive H: | 961,72 Mb Total Space | 420,72 Mb Free Space | 43,75% Space Free | Partition Type: FAT

Computer Name: CARL-PC | User Name: Carl | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.22 12:38:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.14 14:54:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 18:03:43 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.07.05 17:43:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.20 19:03:22 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012.01.26 16:08:56 | 003,665,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.13 14:51:46 | 000,160,768 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\SXDS10.exe -- (SXDS10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.05.10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.03.16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.02.22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.02.10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.01.07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.22 14:49:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.03.25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.03 11:57:00 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006.11.30 15:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKLM\..\SearchScopes\{C842F2C2-E4D4-4C27-B472-2B8CA04F26A7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 9B 85 4D 84 2F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=7e91f1f0-0002-11e1-bd1b-002220023a71&q={searchTerms}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={B5D2D09E-7E63-4E1D-8F98-4795F09413A0}&mid=13e80c40976e47d1a88ed16b66e6d382-3acc8ded47cae3abadd8764e8b306301dabc8dde&lang=de&ds=AVG&pr=fr&d=2011-12-12 17:30:39&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\..\SearchScopes\{C842F2C2-E4D4-4C27-B472-2B8CA04F26A7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B44308bed-dac7-4281-ba15-216e6363feef%7D&mid=13e80c40976e47d1a88ed16b66e6d382-3acc8ded47cae3abadd8764e8b306301dabc8dde&ds=AVG&v=11.1.0.12&lang=de&pr=fr&d=2011-12-12%2017%3A30%3A39&sap=ku&q="
FF - prefs.js..network.proxy.type: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.21 14:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011.06.21 14:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012.02.02 20:18:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.07.06 22:04:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.06 10:34:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.10 18:04:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.05 17:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.06 10:34:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.21 14:17:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.05 17:43:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.06 10:34:38 | 000,000,000 | ---D | M]

[2011.06.20 22:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carl\AppData\Roaming\mozilla\Extensions
[2012.07.17 14:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions
[2012.02.11 13:18:54 | 000,000,000 | ---D | M] (DDBAC Plug-In) -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2011.07.18 19:52:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.20 10:17:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.07.17 14:06:34 | 000,000,000 | ---D | M] (SFT_de3 Community Toolbar) -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}
[2012.05.20 10:17:37 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\fb_add_on@avm.de
[2011.10.13 18:55:37 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\ffxtlbr@babylon.com
[2011.06.21 22:59:17 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\ffxtlbr@Facemoods.com
[2011.07.31 22:42:34 | 000,000,000 | ---D | M] (foxfm) -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\foxfm@foxfm.org
[2011.11.02 22:47:07 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Carl\AppData\Roaming\mozilla\Firefox\Profiles\70qkji8j.default\extensions\welcome@toolmin.com
[2012.07.05 17:44:16 | 000,000,853 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\70qkji8j.default\searchplugins\11-suche.xml
[2012.07.05 17:44:16 | 000,002,209 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\70qkji8j.default\searchplugins\englische-ergebnisse.xml
[2012.07.05 17:44:16 | 000,010,506 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\70qkji8j.default\searchplugins\gmx-suche.xml
[2012.07.05 17:44:16 | 000,002,368 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\70qkji8j.default\searchplugins\lastminute.xml
[2012.07.05 17:44:16 | 000,005,489 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\70qkji8j.default\searchplugins\webde-suche.xml
[2012.07.05 17:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.02 10:24:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.10 18:04:01 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012.03.03 14:47:56 | 000,162,686 | ---- | M] () (No name found) -- C:\USERS\CARL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\70QKJI8J.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.07.05 17:43:31 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\CARL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\70QKJI8J.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.05 17:43:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.05 17:43:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.10 18:03:37 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.12 16:35:26 | 000,002,291 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.05 17:43:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.05 17:43:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.21 22:59:18 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.07.05 17:43:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.02 22:47:07 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.07.05 17:43:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.05 17:43:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://home.sweetim.com/?barid={12DAA1E0-652F-11E1-BA20-002220023A71}
CHR - Extension: Facemoods = C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
CHR - Extension: Skype Extension = C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Carl\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [secproc_isv] C:\Users\Carl\AppData\Local\Microsoft\Windows\3588\secproc_isv.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Carl\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Carl\Desktop\PartyPoker.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: olb.de ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B11E5D-C8FC-4B2C-ADE2-60FF8736CD09}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C34F5F86-40E9-47FD-A6BD-AB2580521288}: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C888B91C-BE6C-4E38-8478-E06910F8CA17}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{2227b5a5-f887-11e0-9163-002220023a71}\Shell - "" = AutoRun
O33 - MountPoints2\{2227b5a5-f887-11e0-9163-002220023a71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e911cee8-f49d-11e0-8d84-002220023a71}\Shell - "" = AutoRun
O33 - MountPoints2\{e911cee8-f49d-11e0-8d84-002220023a71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e911ceed-f49d-11e0-8d84-002220023a71}\Shell - "" = AutoRun
O33 - MountPoints2\{e911ceed-f49d-11e0-8d84-002220023a71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e911ceef-f49d-11e0-8d84-002220023a71}\Shell - "" = AutoRun
O33 - MountPoints2\{e911ceef-f49d-11e0-8d84-002220023a71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.22 17:43:38 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\Malwarebytes
[2012.07.22 17:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 17:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 17:43:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.22 17:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.22 12:52:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.22 12:40:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2012.07.22 12:20:16 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\hellomoto
[2012.07.17 18:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012.07.15 09:58:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.15 09:58:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.15 09:58:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.15 09:58:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.15 09:58:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.15 09:58:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.15 09:58:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.15 09:58:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.15 09:58:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.15 09:58:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.15 09:58:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.15 09:58:45 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.15 09:58:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.14 16:33:44 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Local\Macromedia
[2012.07.14 15:51:50 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.14 15:51:17 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.14 15:51:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.14 15:46:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.14 15:46:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.14 14:46:24 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.14 14:46:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.14 14:15:43 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.10 19:36:53 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\4lyn - Quasar (2012)
[2012.07.02 13:44:35 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\elsterformular
[2012.07.02 13:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.02 13:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.07.02 13:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.07.02 13:34:40 | 060,109,528 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Carl\Desktop\ElsterFormular-13.2.0.8623p.exe
[2012.06.26 21:05:12 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\German Top100 Single Charts 02.07.2012
[3 C:\Users\Carl\Desktop\*.tmp files -> C:\Users\Carl\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.22 17:43:32 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 17:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 17:37:44 | 3018,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 12:58:24 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 12:42:15 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 12:42:15 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 12:42:15 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 12:42:15 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 12:42:15 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 12:38:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2012.07.22 11:54:41 | 101,926,143 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.07.22 11:46:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 13:48:04 | 005,456,406 | ---- | M] () -- C:\Users\Carl\Documents\clip0011.avi
[2012.07.21 13:48:00 | 004,090,194 | ---- | M] () -- C:\Users\Carl\Documents\clip0010.avi
[2012.07.21 13:47:57 | 006,936,506 | ---- | M] () -- C:\Users\Carl\Documents\clip0009.avi
[2012.07.21 13:47:51 | 286,791,264 | ---- | M] () -- C:\Users\Carl\Documents\clip0008.avi
[2012.07.20 16:56:16 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 16:56:16 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 20:06:58 | 000,007,799 | ---- | M] () -- C:\Users\Carl\Documents\ChatLog Online_Infoveranstaltung StB 2012_07_17 20_06.rtf
[2012.07.17 20:01:27 | 2857,556,884 | ---- | M] () -- C:\Users\Carl\Documents\clip0007.avi
[2012.07.17 19:37:03 | 3299,048,062 | ---- | M] () -- C:\Users\Carl\Documents\clip0006.avi
[2012.07.17 19:10:09 | 2997,841,816 | ---- | M] () -- C:\Users\Carl\Documents\clip0005.avi
[2012.07.17 19:06:21 | 000,211,300 | ---- | M] () -- C:\Users\Carl\Desktop\Handout StB Online-Infoveranstaltung.pdf
[2012.07.17 18:32:15 | 000,060,304 | ---- | M] () -- C:\Users\Carl\g2mdlhlpx.exe
[2012.07.17 16:59:07 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Carl.job
[2012.07.17 13:57:04 | 000,415,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.14 14:54:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.14 14:54:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.10 19:34:18 | 064,049,002 | ---- | M] () -- C:\Users\Carl\Desktop\4lyn - Quasar (2012).rar
[2012.07.05 19:04:07 | 000,065,009 | ---- | M] () -- C:\Users\Carl\ESt2011_Glöij_Henning.elfo
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 17:29:41 | 000,503,170 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.07.02 13:51:23 | 000,039,815 | ---- | M] () -- C:\Users\Carl\ESt2011_Glöij_Carl-Friedrich.elfo
[2012.07.02 13:43:38 | 000,001,237 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.02 13:42:39 | 060,109,528 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\Carl\Desktop\ElsterFormular-13.2.0.8623p.exe
[3 C:\Users\Carl\Desktop\*.tmp files -> C:\Users\Carl\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.22 17:43:32 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.21 13:48:02 | 005,456,406 | ---- | C] () -- C:\Users\Carl\Documents\clip0011.avi
[2012.07.21 13:47:58 | 004,090,194 | ---- | C] () -- C:\Users\Carl\Documents\clip0010.avi
[2012.07.21 13:47:54 | 006,936,506 | ---- | C] () -- C:\Users\Carl\Documents\clip0009.avi
[2012.07.21 13:46:23 | 286,791,264 | ---- | C] () -- C:\Users\Carl\Documents\clip0008.avi
[2012.07.17 20:06:58 | 000,007,799 | ---- | C] () -- C:\Users\Carl\Documents\ChatLog Online_Infoveranstaltung StB 2012_07_17 20_06.rtf
[2012.07.17 19:37:03 | 2857,556,884 | ---- | C] () -- C:\Users\Carl\Documents\clip0007.avi
[2012.07.17 19:10:10 | 3299,048,062 | ---- | C] () -- C:\Users\Carl\Documents\clip0006.avi
[2012.07.17 19:06:21 | 000,211,300 | ---- | C] () -- C:\Users\Carl\Desktop\Handout StB Online-Infoveranstaltung.pdf
[2012.07.17 18:45:10 | 2997,841,816 | ---- | C] () -- C:\Users\Carl\Documents\clip0005.avi
[2012.07.17 18:32:14 | 000,060,304 | ---- | C] () -- C:\Users\Carl\g2mdlhlpx.exe
[2012.07.10 19:22:51 | 064,049,002 | ---- | C] () -- C:\Users\Carl\Desktop\4lyn - Quasar (2012).rar
[2012.07.05 18:57:58 | 000,065,009 | ---- | C] () -- C:\Users\Carl\ESt2011_Glöij_Henning.elfo
[2012.07.02 13:48:24 | 000,039,815 | ---- | C] () -- C:\Users\Carl\ESt2011_Glöij_Carl-Friedrich.elfo
[2012.07.02 13:43:38 | 000,001,237 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.08.30 10:06:29 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011.08.02 10:41:54 | 000,233,487 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2011.08.02 10:41:54 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2011.06.22 11:44:49 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.06.21 14:08:45 | 000,233,487 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >


Ich wäre euch wirklich dankbar, wenn ihr mir helft das Ding wieder los zu werden

Vielen Dank

Carl