Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Qvo6.com-Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.05.2013, 19:46   #1
K3vin
 
Qvo6.com-Virus - Ausrufezeichen

Qvo6.com-Virus



Hallo zusammen,

habe auf meinem Laptop das Problem mit dem Qvo6.com-Virus.

Habe schon die Schritte 1 bis 3 befolgt, die ryder in seinem Post hier http://www.trojaner-board.de/134652-...ngefangen.html beschrieben hat.

Hier sind die Logs. Vielen Dank schon mal für die Hilfe.

1.) AdwCleaner:

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 28/05/2013 um 20:09:19 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Joachim - JOACHIM-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Joachim\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : eSafeSvc

***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Joachim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\Joachim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Joachim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Joachim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
Datei Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\searchplugins\askcomsearch.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Joachim\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Joachim\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\Conduit
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\ConduitEngine
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\CT2475029
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\jetpack

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=FUJITSUXMJA2320BHXG2_K935TA22G6KCTA22G6KCX&ts=1368521601
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=FUJITSUXMJA2320BHXG2_K935TA22G6KCTA22G6KCX&ts=1368521601 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=FUJITSUXMJA2320BHXG2_K935TA22G6KCTA22G6KCX&ts=1368521601 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=FUJITSUXMJA2320BHXG2_K935TA22G6KCTA22G6KCX&ts=1368521601 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=FUJITSUXMJA2320BHXG2_K935TA22G6KCTA22G6KCX&ts=1368521601 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=FUJITSUXMJA2320BHXG2_K935TA22G6KCTA22G6KCX&ts=1368521601 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=FUJITSUXMJA2320BHXG2_K935TA22G6KCTA22G6KCX&ts=1368521601 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\prefs.js

Gelöscht : user_pref("CT2475029..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2475029.CT2481020.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481024.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481025.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481029.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481031.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481032.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481033.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481034.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481035.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481037.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CTID", "ct2481020");
Gelöscht : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Sat Feb 12 2011 13:48:07 GMT+0100");
Gelöscht : user_pref("CT2475029.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CurrentServerDate", "12-2-2011");
Gelöscht : user_pref("CT2475029.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Gelöscht : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Sun Feb 06 2011 12:10:49 GMT+0100");
Gelöscht : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201073583");
Gelöscht : user_pref("CT2475029.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2475029.EMailNotifierPollDate", "Sat Feb 12 2011 13:43:54 GMT+0100");
Gelöscht : user_pref("CT2475029.ExternalComponentPollDate129077842555155326", "Fri Dec 17 2010 09:58:23 GMT+010[...]
Gelöscht : user_pref("CT2475029.ExternalComponentPollDate129078508355624514", "Sun Sep 19 2010 11:03:16 GMT+020[...]
Gelöscht : user_pref("CT2475029.FeedLastCount129133095456874337", 0);
Gelöscht : user_pref("CT2475029.FeedPollDate129076849370150342", "Sat Feb 12 2011 13:28:17 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076850042182211", "Sat Feb 12 2011 13:28:17 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076850596400916", "Sat Feb 12 2011 13:28:17 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076850791868756", "Sat Feb 12 2011 13:28:17 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076852434375419", "Sat Feb 12 2011 13:28:17 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076853083906444", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076854010937606", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076855068438037", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076855340312884", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076855597344292", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076855883906472", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076856408281730", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076856723281882", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076856982969262", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076857229219583", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076857478587121", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129076858014837073", "Sat Feb 12 2011 13:28:19 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129132307482029379", "Sun Sep 19 2010 16:23:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129132307482029381", "Sun Sep 19 2010 16:23:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129132307482029382", "Sun Sep 19 2010 16:23:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129133095459686870", "Sun Sep 19 2010 16:23:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129133095459686871", "Sun Sep 19 2010 16:23:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137419319063373", "Sat Nov 13 2010 11:00:53 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129137419319063374", "Sat Nov 13 2010 11:00:54 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129137435445312162", "Sat Nov 13 2010 11:00:53 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129137435445312163", "Sat Nov 13 2010 11:00:53 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129137435445312164", "Sat Nov 13 2010 11:00:53 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate129137435445312165", "Wed Oct 20 2010 05:45:26 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137437659687146", "Sun Sep 19 2010 16:23:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137437659687147", "Sun Sep 19 2010 16:23:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137437659687148", "Sun Sep 19 2010 16:23:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214602500", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214602506", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214602512", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214602518", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214602524", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214602530", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603404", "Sun Sep 19 2010 15:03:16 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603410", "Sun Sep 19 2010 15:03:16 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603416", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603422", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603428", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603434", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603440", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603446", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603452", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603458", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603464", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603470", "Sun Sep 19 2010 15:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603476", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603482", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603488", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214603494", "Sun Sep 19 2010 15:03:18 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758786", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758792", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758798", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758804", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758810", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758816", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758822", "Sun Sep 19 2010 11:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758828", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758834", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758840", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758846", "Sun Sep 19 2010 15:03:19 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758852", "Sun Sep 19 2010 15:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758858", "Sun Sep 19 2010 15:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758864", "Sun Sep 19 2010 15:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758870", "Sun Sep 19 2010 11:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758876", "Sun Sep 19 2010 15:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758882", "Sun Sep 19 2010 14:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758888", "Sun Sep 19 2010 15:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758894", "Sun Sep 19 2010 15:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758900", "Sun Sep 19 2010 15:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758906", "Sun Sep 19 2010 15:03:20 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758912", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758918", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758924", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758930", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758936", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758942", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758948", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758954", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129255180214758960", "Sun Sep 19 2010 15:03:21 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedTTL129076850596400916", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129076850791868756", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129076855068438037", 2);
Gelöscht : user_pref("CT2475029.FeedTTL129076856723281882", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129076857229219583", 30);
Gelöscht : user_pref("CT2475029.FeedTTL129132307482029379", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129132307482029381", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129132307482029382", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129133095459686870", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129133095459686871", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137419319063373", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137419319063374", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137435445312162", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137435445312163", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137435445312164", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137437659687146", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137437659687147", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137437659687148", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214602500", 15);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214602512", 30);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214602518", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214602524", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214603416", 15);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214603428", 60);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214603482", 60);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214603488", 15);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214603494", 2);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758786", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758798", 30);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758804", 30);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758828", 15);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758840", 15);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758846", 15);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758852", 15);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758870", 1440);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758900", 10);
Gelöscht : user_pref("CT2475029.FeedTTL129255180214758918", 5);
Gelöscht : user_pref("CT2475029.FirstServerDate", "19-9-2010");
Gelöscht : user_pref("CT2475029.FirstTime", true);
Gelöscht : user_pref("CT2475029.FirstTimeFF3", true);
Gelöscht : user_pref("CT2475029.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2475029.GroupingLastCheckTime", "Fri Feb 11 2011 23:21:06 GMT+0100");
Gelöscht : user_pref("CT2475029.GroupingLastErrorCode", "");
Gelöscht : user_pref("CT2475029.GroupingLastResponse", true);
Gelöscht : user_pref("CT2475029.GroupingLastServerUpdateTime", "129416626726370000");
Gelöscht : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2475029.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2475029.Initialize", true);
Gelöscht : user_pref("CT2475029.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2475029.InstalledDate", "Sun Sep 19 2010 11:03:16 GMT+0200");
Gelöscht : user_pref("CT2475029.IsGrouping", true);
Gelöscht : user_pref("CT2475029.IsMulticommunity", true);
Gelöscht : user_pref("CT2475029.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2475029.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2475029.LanguagePackLastCheckTime", "Sun Sep 19 2010 11:03:17 GMT+0200");
Gelöscht : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2475029.LastLogin_2.5.6.0", "Sun Oct 31 2010 12:01:26 GMT+0100");
Gelöscht : user_pref("CT2475029.LastLogin_2.7.2.0", "Sat Feb 12 2011 13:28:17 GMT+0100");
Gelöscht : user_pref("CT2475029.LastLogin_3.2.5.2", "Sat Feb 12 2011 13:48:07 GMT+0100");
Gelöscht : user_pref("CT2475029.LatestVersion", "3.2.5.2");
Gelöscht : user_pref("CT2475029.Locale", "en");
Gelöscht : user_pref("CT2475029.LoginCache", 4);
Gelöscht : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2475029.MCDetectTooltipShow", true);
Gelöscht : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2475029.RadioIsPodcast", false);
Gelöscht : user_pref("CT2475029.RadioMediaID", "9962");
Gelöscht : user_pref("CT2475029.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT24750299962");
Gelöscht : user_pref("CT2475029.RadioStationName", "California%20Rock");
Gelöscht : user_pref("CT2475029.RadioStationURL", "hxxp://feedlive.net/california.asx");
Gelöscht : user_pref("CT2475029.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2475029.SearchBoxWidth", 150);
Gelöscht : user_pref("CT2475029.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Gelöscht : user_pref("CT2475029.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2475029.ServiceMapLastCheckTime", "Sat Feb 12 2011 13:48:05 GMT+0100");
Gelöscht : user_pref("CT2475029.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2475029.SettingsLastCheckTime", "Sun Sep 19 2010 11:03:15 GMT+0200");
Gelöscht : user_pref("CT2475029.SettingsLastUpdate", "1284761043");
Gelöscht : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Sun Sep 19 2010 11:03:15 GMT+0200");
Gelöscht : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gelöscht : user_pref("CT2475029.UserID", "UN47843083052231183");
Gelöscht : user_pref("CT2475029.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2475029.WeatherNetwork", "");
Gelöscht : user_pref("CT2475029.WeatherPollDate", "Sat Feb 12 2011 13:28:18 GMT+0100");
Gelöscht : user_pref("CT2475029.WeatherUnit", "C");
Gelöscht : user_pref("CT2475029.backendstorage._fb_dailyactivity", "31323937343632383732303536");
Gelöscht : user_pref("CT2475029.backendstorage._fb_lifetimesent", "54525545");
Gelöscht : user_pref("CT2475029.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2475029.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2475029.ct2481020.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2475029.ct2481020.FeedLastCount129076858299680990", 850);
Gelöscht : user_pref("CT2475029.ct2481020.FeedLastCount129137419315157090", 250);
Gelöscht : user_pref("CT2475029.ct2481020.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2475029.ct2481020.GroupingInvalidateCache", false);
Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastCheckTime", "Fri Feb 11 2011 23:21:06 GMT+0100");
Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastErrorCode", "");
Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastResponse", true);
Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastServerUpdateTime", "129416626726370000");
Gelöscht : user_pref("CT2475029.ct2481020.InvalidateCache", false);
Gelöscht : user_pref("CT2475029.ct2481020.LanguagePackLastCheckTime", "Sat Feb 12 2011 13:48:07 GMT+0100");
Gelöscht : user_pref("CT2475029.ct2481020.Locale", "de");
Gelöscht : user_pref("CT2475029.ct2481020.RadioLastCheckTime", "Fri Feb 11 2011 23:21:06 GMT+0100");
Gelöscht : user_pref("CT2475029.ct2481020.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2475029.ct2481020.RadioLastUpdateServer", "3");
Gelöscht : user_pref("CT2475029.ct2481020.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Gelöscht : user_pref("CT2475029.ct2481020.SearchInNewTabLastCheckTime", "Fri Feb 11 2011 23:21:06 GMT+0100");
Gelöscht : user_pref("CT2475029.ct2481020.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2475029.ct2481020.SettingsLastCheckTime", "Sat Feb 12 2011 13:28:17 GMT+0100");
Gelöscht : user_pref("CT2475029.ct2481020.SettingsLastUpdate", "1296758912");
Gelöscht : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastCheck", "Sat Jan 29 2011 20:48:54 GMT+0100");
Gelöscht : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2475029.ct2481020.toolbarAppMetaDataLastCheckTime", "Sat Feb 12 2011 13:48:07 GMT+0100"[...]
Gelöscht : user_pref("CT2475029.ct2481020.toolbarContextMenuLastCheckTime", "Sat Feb 12 2011 13:48:07 GMT+0100"[...]
Gelöscht : user_pref("CT2475029.myStuffEnabled", true);
Gelöscht : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2475029.testingCtid", "");
Gelöscht : user_pref("CT2475029.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63432589928083[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2475029");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2475029,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 16 2011 22:44:54 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 20:49:43 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 01 2011 14:24:33 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "7f771cd7-2f11-4626-b1e6-9457c92041cc");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jan 11 2011 11:04:32 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Sun Sep 19 2010 11:03:16 GMT+0200"[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_16276078.LastCheckTime", "Sat Nov 13 2010 11:00:56 GMT+0100[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_17876054.LastCheckTime", "Sat Nov 13 2010 11:00:56 GMT+0100[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_17965092.LastCheckTime", "Sat Nov 13 2010 11:00:56 GMT+0100[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_19345231.LastCheckTime", "Sat Nov 13 2010 11:00:56 GMT+0100[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_9330012.LastCheckTime", "Sat Nov 13 2010 11:00:56 GMT+0100"[...]
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri May 06 2011 17:33:46 GMT+0200");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Mar 25 2011 14:07:10 GMT+0100");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "02/12/2011 15");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Sat Feb 12 2011 13:48:05 GMT+0100");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Mar 25 2011 13:48:51 GMT+0100");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri Mar 25 2011 13:48:51 GMT+0100");
Gelöscht : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Mar 25 2011 13:48:51 GMT+0100");
Gelöscht : user_pref("ConduitEngine.UserID", "UN30036909154627127");
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Mar 25 2011 13:48:51 GMT+0100");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Mar 25 2011 14:07:11 GMT+0100");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("browser.search.order.1", "qvo6");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [34954 octets] - [28/05/2013 20:09:19]

########## EOF - C:\AdwCleaner[S1].txt - [35015 octets] ##########
         
2.) DDS+ (dds.txt)

Code:
ATTFilter
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.9.2
Run by Joachim at 20:17:51 on 2013-05-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3958.2166 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Conime] C:\Windows\System32\conime.exe
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{48EC04C8-8D13-408D-83BE-06395F61E96E} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{48EC04C8-8D13-408D-83BE-06395F61E96E}\5416379724F687D2544453732343 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{48EC04C8-8D13-408D-83BE-06395F61E96E}\55E6964797F546C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EE02156B-AD7D-4F4A-8D30-F8B9D6A32CB2} : DHCPNameServer = 192.168.13.65
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-18 13:56; sparpilot@sparpilot.com; C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\sparpilot@sparpilot.com
FF - ExtSQL: 2013-04-18 13:56; amazon-icon@winload.de; C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\amazon-icon@winload.de
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-4-7 482384]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-7 202752]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-12 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-12 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-7 2314240]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-7 56344]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-4-7 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-4 291328]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-7 946688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 avmeject;AVM Eject;C:\Windows\System32\drivers\avmeject.sys [2009-3-20 14120]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\System32\drivers\fwlanusb.sys [2009-3-20 460800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-7 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-4-7 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
.
=============== Created Last 30 ================
.
2013-05-28 17:46:47	--------	d-----w-	C:\Users\Joachim\AppData\Local\DoNotTrackPlus
2013-05-28 10:58:19	9460464	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{87F16884-B5A0-4404-A41C-64869A67AA64}\mpengine.dll
2013-05-21 08:31:59	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2013-05-21 08:31:44	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-21 08:30:42	--------	d-----w-	C:\Users\Joachim\AppData\Local\Programs
2013-05-15 16:14:57	983400	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 16:02:20	--------	d-----w-	C:\Windows\pss
2013-05-14 08:53:25	--------	d-----w-	C:\Users\Joachim\ChromeExtensions
2013-05-14 08:53:25	--------	d-----w-	C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-05-14 08:53:25	--------	d-----w-	C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-05-14 08:53:19	--------	d-----w-	C:\Users\Joachim\AppData\Local\Temp867b25cad114cde47b0c1237491f3b1a
2013-05-11 07:50:35	--------	d-----w-	C:\Windows\SysWow64\wbem\en-US
2013-05-11 07:50:30	--------	d-----w-	C:\Windows\System32\wbem\en-US
2013-05-10 07:32:10	83160	----a-w-	C:\Windows\System32\drivers\avnetflt.sys
.
==================== Find3M  ====================
.
2013-05-14 19:02:41	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 19:02:41	692104	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 00:06:08	278800	------w-	C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19	308736	----a-w-	C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19	111104	----a-w-	C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16	474624	----a-w-	C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15	2176512	----a-w-	C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08	1656680	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54	265064	----a-w-	C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50	3153920	----a-w-	C:\Windows\System32\win32k.sys
2013-04-05 06:52:14	2242048	----a-w-	C:\Windows\System32\wininet.dll
2013-04-05 06:50:36	3958784	----a-w-	C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31	67072	----a-w-	C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24	1767424	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26	2877440	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25	71680	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-02 07:40:49	73728	----a-w-	C:\wpcupd.exe
2013-03-30 16:04:27	28600	----a-w-	C:\Windows\System32\drivers\avkmgr.sys
2013-03-30 16:04:27	100712	----a-w-	C:\Windows\System32\drivers\avgntflt.sys
2013-03-19 06:04:06	5550424	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58	48640	----a-w-	C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58	230400	----a-w-	C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56	43520	----a-w-	C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13	3968856	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10	3913560	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50	6656	----a-w-	C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33	112640	----a-w-	C:\Windows\System32\smss.exe
2013-03-05 08:03:00	796832	----a-w-	C:\DeskShareDE.exe
2013-03-05 08:03:00	4931584	----a-w-	C:\wpc.exe
2013-03-05 08:03:00	4013856	----a-w-	C:\TeamViewerQS_de7.exe
2013-03-05 08:03:00	3878360	----a-w-	C:\TeamViewerQS_de8.exe
2013-03-05 08:03:00	3519576	----a-w-	C:\TeamViewerQS_de.exe
2013-03-05 08:03:00	1838312	----a-w-	C:\FastClient.exe
2013-03-05 08:03:00	1718176	----a-w-	C:\NV_Support_Participant.exe
2013-03-05 08:03:00	1082192	----a-w-	C:\NV_Support_Teilnehmer_DE.exe
2010-09-18 22:04:37	8537824	----a-w-	C:\Program Files (x86)\ashampoo_burning_studio_6_free_6.77_3639.exe
.
============= FINISH: 20:18:50,85 ===============
         
3.) DDS+ (attach.txt)

Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 25.08.2010 08:18:46
System Uptime: 28.05.2013 20:10:14 (0 hours ago)
.
Motherboard: TOSHIBA |  | NTWAA
Processor: Intel(R) Core(TM) i3 CPU       M 330  @ 2.13GHz | CPU | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 45,281 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 136,729 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP281: 23.04.2013 18:38:49 - Windows Update
RP282: 24.04.2013 22:42:08 - Windows Update
RP283: 10.05.2013 09:33:06 - Windows Update
RP284: 11.05.2013 00:43:44 - Windows Update
RP285: 14.05.2013 14:43:53 - Windows Update
RP286: 15.05.2013 22:56:50 - Windows Update
RP287: 21.05.2013 10:03:22 - Windows Update
RP288: 25.05.2013 16:59:17 - Windows Update
RP289: 28.05.2013 19:56:31 - Removed Facebook Video Calling 1.2.0.287
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4 - Deutsch
aioscnnr
Amazon.de
Ashampoo Burning Studio 11 v.11.0.4
Ashampoo Burning Studio 6 FREE v.6.80
ATI Catalyst Install Manager
Avira Free Antivirus
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
BufferChm
C4USelfUpdater
calibre
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Compatibility Pack für 2007 Office System
eBay
ElsterFormular
essentials
HP Foto- und Bildbearbeitung 2.0 - All-in-One
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
HP Officejet 100 Mobile L411
HP Speicher-Disc
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Kodak AIO Printer
KODAK All-in-One Software
L411_Help_Web
L411_Software_Min
L411_web
Mein CEWE FOTOBUCH
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 21.0 (x86 de)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ocr
Photo Service - powered by myphotobook
PlayReady PC Runtime amd64
PreReq
PrintProjects
Profi cash
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Skype™ 6.3
Synaptics Pointing Device Driver
Toolbox
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
Toshiba Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Supervisorkennwort
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Utility Common Driver
VLC media player 1.1.5
Warcraft III
Warcraft III: All Products
WebReg
WildTangent-Spiele
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
.
==== End Of File ===========================
         

Alt 28.05.2013, 19:56   #2
M-K-D-B
/// TB-Ausbilder
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.
__________________

__________________

Alt 28.05.2013, 20:02   #3
M-K-D-B
/// TB-Ausbilder
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



Servus,





wir spüren noch die letzten Reste auf, damit wir sie im Anschluss entfernen können.






Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 2
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    autoclean;
    emptyclsid;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
  • Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Schritt 3
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
msconfig
CREATERESTOREPOINT
         
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs werden 2 Logdateien erstellt.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread





Schritt 4
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :filefind
    *qvo6*
    *Askcom*
    *Conduit*
    
    :folderfind
    *qvo6*
    *Askcom*
    *Conduit*
    
    :regfind
    qvo6
    Askcom
    Conduit
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Gibt es noch Probleme mit qvo6.com? Wenn ja, in welchem Browser?





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von JRT,
  • die Logdatei von ZOEK,
  • die beiden Logdateien von OTL,
  • die Logdatei von SystemLook,
  • die Beantwortung der gestellten Fragen.
__________________
__________________

Alt 31.05.2013, 16:22   #4
M-K-D-B
/// TB-Ausbilder
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 01.06.2013, 15:40   #5
K3vin
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Joachim on 01.06.2013 at 16:04:23,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A0A872AF-E2C2-4CD1-B3B1-B6616104B595}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\jetpack
Emptied folder: C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\minidumps [173 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2013 at 16:08:06,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ZOEK:

Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 31-May-2013
Tool run by Joachim on 01.06.2013 at 16:09:41,32.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Creating Sample__1612.zip ======================
 
Copied file C:\Users\Joachim\setup_Mein_CEWE_FOTOBUCH.exe to sample
sample\setup_Mein_CEWE_FOTOBUCH.exe renamed to 0CFFCFD944D88828EF0841B45B740C7F

C:\Users\Public\Desktop\sample__1612.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2316785790-3983578854-3728904588-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2316785790-3983578854-3728904588-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2316785790-3983578854-3728904588-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53707962-6F74-2D53-2644-206D7942484F} deleted successfully
HKEY_USERS\S-1-5-21-2316785790-3983578854-3728904588-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{53707962-6F74-2D53-2644-206D7942484F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2316785790-3983578854-3728904588-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default

user.js not found
---- Lines conduit removed from prefs.js ----


---- Lines conduit modified from prefs.js ----

user_pref("extensions.enabledItems", "{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51,2020Player@2020Technologies.com:5.0.4.0,engine@conduit.com:3.3.3.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17");

---- FireFox user.js and prefs.js backups ---- 

prefs__1613_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\Tasks\Desk 365 RunAsStdUser deleted successfully

==== Deleting Files \ Folders ======================

"C:\Windows\System32\Tasks\Desk 365 RunAsStdUser" not found 
"C:\Users\All Users\PrintProjects\ContentMan.dll" deleted
"C:\Users\All Users\PrintProjects\npRLViewer.dll" deleted
"C:\Users\All Users\PrintProjects\RLPNUpload.dll" deleted
"C:\Users\All Users\PrintProjects\RocketEngine.dll" deleted
"C:\Users\All Users\Vista32\EBLib.dll" deleted
"C:\Users\All Users\Vista64\EBLib.dll" deleted
"C:\Users\All Users\XP\EBLib.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\AppInfo.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CORE_RL_Magick++_.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CORE_RL_magick_.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CORE_RL_wand_.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWAPM0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWAssistant0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWCore0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWCustomer0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWFoto0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWFotoschauDLL0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWGUIWidgets0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWImageLoader0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWImageProcessing0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWImageProcessingGUI0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWNetworking0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWNetworkingXTCI0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWPriceListDialog0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWProductBase0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWProductProperties0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWStartScreen0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\CWXML0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\exiv2.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\Face.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\fpxjpeg.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\IccProfLib0.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\libeay32.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\libexpat.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\libhunspell.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\PerfectlyClearComprehensive.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\PerfectlyClearCore.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\phonon4.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn1020.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn1120.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn1220.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn1320.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn1420.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn1520.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn1620.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn1820.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn20.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn20n.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn2220.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn2320.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn2720.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn2920.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn4620.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn4720.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn4820.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn4920.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn5020.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn5120.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn5520.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn5820.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn5920.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn6620.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn6720.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn6820.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn6920.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn7220.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn7320.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn8020.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn8120.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn8220.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn8320.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn8420.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn8520.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn8820.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn8920.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn9220.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\picn9320.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\QtCore4.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\QtGui4.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\QtNetwork4.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\QtOpenGL4.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\QtSvg4.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\QtWebKit4.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\QtXml4.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\RecDev.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\RedEye.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\safpx.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\SAFPXLB.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\ssleay32.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\wnaspi32.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\zlib1.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\_ISource30.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\_SAFPX10.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\_SAJ2K10.dll" deleted
"C:\Users\Joachim\Mein CEWE FOTOBUCH\_SARAW10.dll" deleted
"C:\Users\Joachim\setup_Mein_CEWE_FOTOBUCH.exe" deleted
"C:\Users\Joachim\ChromeExtensions" deleted
"C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\jetpack" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default
- Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player@2020Technologies.com
- Amazon-Icon - %ProfilePath%\extensions\amazon-icon@winload.de
- Spartipps von SparPilot.com - %ProfilePath%\extensions\sparpilot@sparpilot.com
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default
7ABE33792F2787D599B6963E71B9E8CD	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll -	Shockwave Flash
AB87C54CA19675880B0CAE65B8AF140C	- C:\Windows\SysWOW64\npdeployJava1.dll -	Java Deployment Toolkit 7.0.70.11
566439A13C0769D8117FC003E84DF383	- C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll -	20-20 3D Viewer
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkcedibhemacmilmkpndpkoidlnmgngg - C:\Users\Joachim\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx[]

YouTube - Joachim - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{019CFA91-2EF4-44AB-972D-92AF2531A251} Amazon  Url="hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{7C724DBA-E970-4F0E-AD87-7BB4CD9C78C3} eBay  Url="hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joachim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joachim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Joachim\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joachim\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Joachim\AppData\Local\Mozilla\Firefox\Profiles\4mk1y8tf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Joachim\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 01.06.2013 at 16:17:18,80 ======================
         
OTL:

Code:
ATTFilter
OTL logfile created on: 01.06.2013 16:21:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joachim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 60,60% Memory free
7,73 Gb Paging File | 6,21 Gb Available in Paging File | 80,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 47,50 Gb Free Space | 31,87% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 136,73 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
 
Computer Name: JOACHIM-TOSH | User Name: Joachim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.01 16:20:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joachim\Desktop\OTL.exe
PRC - [2013.05.10 09:31:34 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.30 18:04:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 18:04:14 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.19 15:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012.10.15 12:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2009.10.28 11:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.09.08 23:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.05.18 16:52:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 21:02:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.30 18:04:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 18:04:14 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.19 15:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012.10.15 12:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.10 13:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.11.05 10:19:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009.10.27 20:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.10.15 17:49:56 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2009.10.06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.28 14:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.30 18:04:27 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.30 18:04:27 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.30 18:04:27 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.05 23:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.15 20:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.02 13:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.09.22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.09 00:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 18:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV - [2011.04.16 22:09:51 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009.09.22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\..\SearchScopes\{019CFA91-2EF4-44AB-972D-92AF2531A251}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\..\SearchScopes\{7C724DBA-E970-4F0E-AD87-7BB4CD9C78C3}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: 2020Player%402020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: amazon-icon%40winload.de:1.0
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: engine@disabled.com:3.3.3.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 16:52:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:52:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 16:52:16 | 000,000,000 | ---D | M]
 
[2010.08.28 05:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joachim\AppData\Roaming\mozilla\Extensions
[2013.05.28 20:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions
[2012.11.30 18:43:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.03.06 18:37:25 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\2020Player@2020Technologies.com
[2013.05.14 10:53:26 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\amazon-icon@winload.de
[2013.05.14 10:53:20 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\sparpilot@sparpilot.com
[2013.05.25 17:44:24 | 000,620,338 | ---- | M] () (No name found) -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\extensions\toolbar@web.de.xpi
[2013.05.25 17:44:26 | 000,002,418 | ---- | M] () -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\searchplugins\englische-ergebnisse.xml
[2013.05.25 17:44:26 | 000,010,701 | ---- | M] () -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\searchplugins\gmx-suche.xml
[2013.05.25 17:44:26 | 000,002,432 | ---- | M] () -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\searchplugins\lastminute.xml
[2013.05.25 17:44:26 | 000,005,682 | ---- | M] () -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\searchplugins\webde-suche.xml
[2013.05.18 16:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.18 16:52:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-2316785790-3983578854-3728904588-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48EC04C8-8D13-408D-83BE-06395F61E96E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE02156B-AD7D-4F4A-8D30-F8B9D6A32CB2}: DhcpNameServer = 192.168.13.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{783ab164-b7ff-11df-ace3-705ab6b860cc}\Shell - "" = AutoRun
O33 - MountPoints2\{783ab164-b7ff-11df-ace3-705ab6b860cc}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{86E4D9E7-5085-4CB3-AE29-4CFD782E79DB} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk - C:\PROGRA~2\HEWLET~1\DIGITA~1\bin\hpotdd01.exe - (Hewlett-Packard)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Joachim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zahlungserinnerung.lnk - C:\wzed.exe - ()
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: Conime - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Desk 365 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EKStatusMonitor - hkey= - key= - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Optimizer Pro - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosWaitSrv - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 16:20:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joachim\Desktop\OTL.exe
[2013.06.01 16:17:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.01 16:14:54 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.06.01 16:14:54 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp
[2013.06.01 16:04:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.01 16:04:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.01 16:03:36 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Joachim\Desktop\JRT.exe
[2013.05.28 20:17:03 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Joachim\Desktop\dds+.exe
[2013.05.28 19:46:47 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\DoNotTrackPlus
[2013.05.21 10:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.05.21 10:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.21 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Programs
[2013.05.18 16:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.15 22:57:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 22:57:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 22:57:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 22:57:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 22:57:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 22:57:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 22:57:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 22:57:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 22:57:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 22:57:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 22:57:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 22:57:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 22:57:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 22:57:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 22:57:43 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 18:14:57 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 18:14:56 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 18:14:34 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 18:14:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 18:14:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 18:14:33 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 18:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 18:02:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.14 10:53:25 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
[2013.05.14 10:53:25 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
[2013.05.14 10:53:19 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp867b25cad114cde47b0c1237491f3b1a
[2013.05.11 09:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.11 00:47:07 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.11 00:47:07 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.11 00:47:07 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.11 00:47:07 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.11 00:47:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.11 00:47:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.11 00:47:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.11 00:47:07 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.11 00:47:06 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.11 00:47:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.11 00:47:06 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.11 00:47:06 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.11 00:47:06 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.11 00:47:06 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.11 00:47:06 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.11 00:47:06 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.11 00:47:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.11 00:47:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.11 00:47:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.11 00:47:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.11 00:47:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.11 00:47:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.11 00:47:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.11 00:47:06 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.11 00:47:06 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.11 00:47:05 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.11 00:47:05 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.11 00:47:05 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.11 00:47:05 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.11 00:47:05 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.11 00:47:05 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.11 00:47:05 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.11 00:47:05 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.11 00:47:05 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.11 00:47:05 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.11 00:47:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.11 00:47:05 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.11 00:47:05 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.11 00:47:05 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.11 00:47:05 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.11 00:47:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.11 00:47:05 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.11 00:47:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.11 00:47:05 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.11 00:47:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.11 00:47:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.11 00:47:05 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.11 00:47:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.11 00:47:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.11 00:47:04 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.11 00:47:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.11 00:47:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.11 00:47:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.10 09:32:10 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2010.09.19 00:07:39 | 008,537,824 | ---- | C] (ashampoo GmbH & Co. KG                                      ) -- C:\Program Files (x86)\ashampoo_burning_studio_6_free_6.77_3639.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 16:24:02 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 16:24:01 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 16:20:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joachim\Desktop\OTL.exe
[2013.06.01 16:15:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 16:15:35 | 3112,386,560 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 16:13:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2316785790-3983578854-3728904588-1000UA.job
[2013.06.01 16:12:46 | 000,526,763 | ---- | M] () -- C:\Users\Public\Desktop\sample__1612.zip
[2013.06.01 16:09:39 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.06.01 16:09:04 | 001,271,244 | ---- | M] () -- C:\Users\Joachim\Desktop\zoek.exe
[2013.06.01 16:03:42 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Joachim\Desktop\JRT.exe
[2013.06.01 13:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 12:42:20 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2316785790-3983578854-3728904588-1000Core.job
[2013.05.31 20:27:58 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.31 20:27:58 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.31 20:27:58 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.31 20:27:58 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.31 20:27:58 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 20:17:09 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Joachim\Desktop\dds+.exe
[2013.05.28 20:08:35 | 000,632,031 | ---- | M] () -- C:\Users\Joachim\Desktop\adwcleaner.exe
[2013.05.16 17:41:22 | 000,343,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.14 21:02:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.14 21:02:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.11 00:47:07 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.11 00:47:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.11 00:47:07 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.11 00:47:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.11 00:47:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.11 00:47:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.11 00:47:07 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.11 00:47:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.11 00:47:06 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.11 00:47:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.11 00:47:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.11 00:47:06 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.11 00:47:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.11 00:47:06 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.11 00:47:06 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.11 00:47:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.11 00:47:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.11 00:47:06 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.11 00:47:06 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.11 00:47:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.11 00:47:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.11 00:47:06 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.11 00:47:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.11 00:47:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.11 00:47:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.11 00:47:06 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.11 00:47:05 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.11 00:47:05 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.11 00:47:05 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.11 00:47:05 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.11 00:47:05 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.11 00:47:05 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.11 00:47:05 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.11 00:47:05 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.11 00:47:05 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.11 00:47:05 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.11 00:47:05 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.11 00:47:05 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.11 00:47:05 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.11 00:47:05 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.11 00:47:05 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.11 00:47:05 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.11 00:47:05 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.11 00:47:05 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.11 00:47:05 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.11 00:47:05 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.11 00:47:05 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.11 00:47:05 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.11 00:47:05 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.11 00:47:05 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.11 00:47:04 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.11 00:47:04 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.11 00:47:04 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.11 00:47:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.11 00:47:04 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.10 09:31:41 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.01 16:14:54 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.06.01 16:12:46 | 000,526,763 | ---- | C] () -- C:\Users\Public\Desktop\sample__1612.zip
[2013.06.01 16:09:01 | 001,271,244 | ---- | C] () -- C:\Users\Joachim\Desktop\zoek.exe
[2013.05.28 20:08:29 | 000,632,031 | ---- | C] () -- C:\Users\Joachim\Desktop\adwcleaner.exe
[2013.05.11 00:47:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.11 00:47:05 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.22 17:05:19 | 000,143,569 | ---- | C] () -- C:\Windows\hpwins30.dat
[2013.02.22 17:05:19 | 000,000,682 | ---- | C] () -- C:\Windows\hpwmdl30.dat
[2011.04.16 22:17:26 | 000,000,000 | -H-- | C] () -- C:\Users\Joachim\hpothb07.tif
[2011.04.16 22:17:26 | 000,000,000 | -H-- | C] () -- C:\Users\Joachim\hpothb07.dat
[2010.08.25 08:57:55 | 000,000,367 | ---- | C] () -- C:\Users\Joachim\RecentPlaces.lnk
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
OTL Extras:

Code:
ATTFilter
OTL Extras logfile created on: 01.06.2013 16:21:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joachim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 60,60% Memory free
7,73 Gb Paging File | 6,21 Gb Available in Paging File | 80,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 47,50 Gb Free Space | 31,87% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 136,73 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
 
Computer Name: JOACHIM-TOSH | User Name: Joachim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2316785790-3983578854-3728904588-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Users\Joachim\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Joachim\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Users\Joachim\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Joachim\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B996D5-11A2-40DD-8A01-794DBF575723}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{066F3E5B-1820-455C-BDF1-DDF1130A5CB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0A25C65E-B96A-4C16-9A43-D31B5CA87FDC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0F5FD125-7D0F-4FF7-B268-C3C110D1A965}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1DFD958F-72FF-4930-AFE1-64319081379E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{31EA1437-C001-4B36-A9EE-40E698CA86A9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{41634F91-81FE-4EF6-898E-A5DB133B6A36}" = rport=139 | protocol=6 | dir=out | app=system | 
"{648F21F7-D4B9-4CAD-82A3-45BE3635ED82}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{6EEC44E1-1400-4A01-8298-70A108231B18}" = rport=137 | protocol=17 | dir=out | app=system | 
"{715953C9-8742-468E-8ECE-BDFEB0613852}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75EAE794-0DB1-4C8F-9D89-43EA9D49181F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{892190D6-2A5F-431F-8301-6DABC373B592}" = rport=138 | protocol=17 | dir=out | app=system | 
"{91138355-7087-4490-8825-EC8406D43D3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{92174D86-E75C-4FA2-B01F-A0D5CED9DA6E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9798FD34-4C52-423F-B067-696E14B22BD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9B41F8E8-3F8D-4A97-9630-B7C8B61EC147}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0A17CB1-A95A-4BCF-BB89-4EFE9824F058}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4828564-43DE-43A2-A744-74C0506F3340}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD6ECB77-2952-422A-897F-A04D7F9570E4}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{AFBDA17E-15A2-4C22-8FE1-FA52D91E149A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B29C0C58-FC25-477C-A4E4-5086025352FE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B97BA032-34B8-47A7-A079-28BD3155C1FB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C4BFC890-C16E-460B-A1B2-47B18F2B34B8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CF834A3A-CA82-44BD-BE08-95CAED9D1801}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFCA7ED0-A713-4593-81EE-D15F3D7ACF0F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{E204A757-8E74-4C35-97B8-C06E2AFB8FFF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F071C573-DB0C-4C4C-92BC-6283148810CD}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{FA8CEF57-9B8F-4671-A9EB-CA97148FD37F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FAA533DC-6113-42A6-A06F-EBA440FD8552}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023B1FC7-05D6-49BB-BEE3-F959562C8435}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1F27EEB2-66DF-4EB2-A081-7183392C0CA7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{202FCE0B-F59D-4A0E-BF33-BDCF85C266D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20E001A0-B76C-48A3-B420-0066BEB8DB78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21177402-1B30-40E8-8BB7-2160B11C2935}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{244DCD19-95F6-49B3-964C-47FA1A063924}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{253AB9C4-D21F-4D7E-8BCC-2E15FD921C72}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2B1F6713-1FDC-41DC-8D0B-3E1FE0FCDB6C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2C62A87F-0121-43E7-AE2A-3E5DD6341FD7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3123D533-BD28-4E0B-A65E-CB5AB1E9749C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{3348A5DD-9DF2-4DC2-AD3D-A08D26EE55B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{369FE4EB-650C-424F-BC70-A2853F7097AA}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{3BCDED8D-514C-4143-83F8-9F0280138B2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C9BED08-3154-4512-9489-17CD89E969C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41257707-E9EA-4C9D-AB1D-E6934057F87E}" = protocol=6 | dir=out | app=system | 
"{56FCFBF3-EEC3-48F1-A301-81260C053458}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{642AA338-F350-402D-8697-747969DE511E}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{67D10FEE-1CDF-4EF8-BD12-BE33C8A0BEA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6D4CA2C1-0E06-4FBA-B73E-724E6080ED36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{783055CD-7964-41AB-8A9E-CDBB6A167A16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{831E7C09-5A94-4B97-B6A7-474F88E30ADE}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqscnvw.exe | 
"{8D901824-6AB7-48F4-B07D-2F0BAF951221}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B28E88B-65D4-4680-B656-BCD38A751894}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9BD0C64C-482D-4FA9-9B78-6F38DD40EEB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E32C8DA-4DA8-41EB-9B3A-7E60621BA654}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{A1F21204-D6B3-4851-9F2D-14CB43B5D14B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABDA42FB-798E-437C-A956-E8F18A74B76B}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{B1D40A97-33D8-4445-B9E9-C9DADD45AFC4}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{BBB89F88-B8B7-4C36-9CC7-E2F91865F70B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{BCD0507B-764A-47D6-AB02-F773E70AE71D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BF54CAF4-24A3-408A-9C4B-409F56E4BA90}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C0084A90-EBFD-4DA8-AA0B-B53F7325332D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{C6D142B3-7C39-4302-9E18-575631CDF838}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{CF1D1B8D-95A0-4CE0-A1E3-50C63E60306B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D6949B65-843A-4972-B47A-92A15612D642}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E2F5F709-C3FA-4F30-96D7-2FF7FE9C410C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EE06C282-9C5F-48A4-A867-E0E8F8AA16FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EF2A8DD8-6006-4279-AD21-A00F1A126BE1}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqkygrp.exe | 
"{F4BB38D2-1D09-4EDE-A4CF-3420B7012D16}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F666B693-951F-4031-B326-AF58C0777817}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{FED394ED-81F9-4BA7-81B5-4332D13424A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{32233ADD-02BF-417B-8624-FDE9C6E20E4C}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{32B8DA5E-FD3A-4CB5-A441-92F407543F2E}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{2EE350A6-15A0-44E0-BF5B-A952BDFF757F}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{FC084FFB-5BD9-4244-8929-72FFEE40CE94}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C260A1C3-EB49-F99A-38BA-B59C020D4609}" = ATI Catalyst Install Manager
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E27CF425-D27B-6ED6-D281-D8B26A404E67}" = ccc-utility64
"{E34BAA98-E4EA-4C12-8B9C-ABAE82FECB2D}" = HP Officejet 100 Mobile L411
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00763F56-1FE5-DA9F-A43E-53F5D46D6E7E}" = CCC Help Dutch
"{02F2BA99-3AFA-F0E6-969B-E6443A469967}" = Catalyst Control Center InstallProxy
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{084144E0-8719-9E07-49F9-D728A7533B32}" = CCC Help Russian
"{0CB58D13-A9CB-7599-DE28-D17205A3D381}" = Catalyst Control Center Graphics Previews Common
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14555947-6F14-421F-8F61-6489E0FDFAE5}" = Toshiba TEMPRO
"{1901B979-96F2-3330-D875-4803F233CF47}" = CCC Help Finnish
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C84AB70-7851-D03E-14B0-2CE969DD6CBA}" = Photo Service - powered by myphotobook
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2404C7F8-65CC-9408-F08E-73996B998A7D}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{290CD70B-6E45-7381-CDC4-45E582F49C60}" = Catalyst Control Center Graphics Previews Vista
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FFDADDF-5107-5CB7-1E9C-66E881680F25}" = CCC Help Turkish
"{320F5494-8DB9-10CD-6122-05299B9A4DAD}" = Catalyst Control Center Graphics Full New
"{39987616-5DF2-CDFA-761C-75E66743CE80}" = CCC Help Portuguese
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCF8458-04BA-EBB7-3EDD-BFD188230DBE}" = CCC Help Czech
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45D6FC55-A7CA-1EEA-C038-70998C3D190A}" = CCC Help Spanish
"{46D0CFB0-D3F7-6D32-8FBF-2F848F7ECA79}" = CCC Help Italian
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CF0F7CB-0520-4cb1-9CEE-19FA5DE50B9B}" = L411_web
"{4D76C6A4-A8AC-B6FF-C334-E6CBB7471C44}" = Catalyst Control Center Core Implementation
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53173451-0DDE-97E9-B6FE-1D068DBF2AF8}" = CCC Help Chinese Standard
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{58793BC5-EBCE-4e86-9ED2-2410A738AEEB}" = L411_Software_Min
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62B6B7C3-E75B-49E6-A351-6CDD99C39A61}" = calibre
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67753C59-3BB3-7CBB-7B10-F47CE982082F}" = CCC Help German
"{6ABF4A27-C269-88EB-1CA8-5A1D78A2FF08}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767F1CF5-6140-BCF3-549E-69B273099EC9}" = CCC Help Polish
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C4F9145-AEDA-55D4-3F5F-BCA89EA300E2}" = CCC Help Swedish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8D3D00A7-F448-D3A3-BC79-CD603AEBC2F5}" = CCC Help Danish
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9817543D-592D-CDA9-B8E5-E7BB8DA63F45}" = CCC Help Chinese Traditional
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA30596-3A38-06B3-5EA2-8AF4B4FE27F2}" = CCC Help Hungarian
"{A0A61E1A-47BA-DD0F-8B31-2BA14B059258}" = CCC Help Japanese
"{A2690E7C-D909-4AE6-7C84-F1AC267A9020}" = Catalyst Control Center Graphics Full Existing
"{A35391E7-4D75-FD08-CBE4-0A9DFB944294}" = CCC Help Korean
"{A4BB082D-566E-4E26-9E89-0DB1DF7455C3}" = L411_Help_Web
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5ACFC20-FA4B-3448-431E-D0107C55E435}" = CCC Help English
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D05CD952-F58E-D2AC-D6EA-4178331A356C}" = CCC Help Thai
"{D408ADFE-DC5B-CA9A-4131-E4D870B07354}" = CCC Help Norwegian
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E1FFC21B-CB65-4C06-8FEA-16F47A4222FD}" = eBay
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8B28B89-FF29-9092-19BC-B2B6779FFA9F}" = Catalyst Control Center Localization All
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7776077-24D8-A51B-1580-46BB742EE0BC}" = CCC Help Greek
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F92DCCC1-0371-916E-78A3-BF9788D39152}" = CCC Help French
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"ElsterFormular" = ElsterFormular
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PrintProjects" = PrintProjects
"Profi cash" = Profi cash
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2316785790-3983578854-3728904588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 01.06.2013 10:16:44 | Computer Name = Joachim-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFS
 
 
< End of report >
         
SystemLook:

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 16:34 on 01/06/2013 by Joachim
Administrator - Elevation successful

========== filefind ==========

Searching for "*qvo6*"
No files found.

Searching for "*Askcom*"
C:\Windows\System32\taskcomp.dll	--a---- 473600 bytes	[10:26 02/07/2011]	[13:27 20/11/2010] 6DC4A7242F565C9E9C9CCC7BB0FA75C7
C:\Windows\System32\de-DE\taskcomp.dll.mui	--a---- 14848 bytes	[17:58 14/07/2009]	[17:58 14/07/2009] BD0A09B79E8F7F89908E2C94DAE064AF
C:\Windows\SysWOW64\taskcomp.dll	--a---- 305152 bytes	[10:25 02/07/2011]	[12:21 20/11/2010] 1C3E8371377E988B683797A132EFFE1B
C:\Windows\SysWOW64\de-DE\taskcomp.dll.mui	--a---- 14848 bytes	[17:58 14/07/2009]	[17:58 14/07/2009] E758D59C883A37BBF8A72CFE431FBFB7
C:\Windows\winsxs\amd64_microsoft-windows-t..atibility.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ad0d764a76dfc578\taskcomp.dll.mui	--a---- 14848 bytes	[17:58 14/07/2009]	[17:58 14/07/2009] BD0A09B79E8F7F89908E2C94DAE064AF
C:\Windows\winsxs\amd64_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.1.7600.16385_none_c489ed71f5ecb9f6\taskcomp.dll	--a---- 473600 bytes	[23:47 13/07/2009]	[01:41 14/07/2009] AEFBD8D2C9CE363F84AE0F89036412A6
C:\Windows\winsxs\amd64_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.1.7600.16699_none_c483245ff5f132b8\taskcomp.dll	--a---- 473600 bytes	[19:09 15/12/2010]	[05:17 02/11/2010] 1B547066D0A6CD40EB3BAAC6A9C7E7A9
C:\Windows\winsxs\amd64_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.1.7600.20830_none_c5449fff0ee643f4\taskcomp.dll	--a---- 473600 bytes	[19:09 15/12/2010]	[05:23 02/11/2010] B5D8684725908A0E72DCF488DF31F95E
C:\Windows\winsxs\amd64_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.1.7601.17514_none_c6bb0139f2db3d90\taskcomp.dll	--a---- 473600 bytes	[10:26 02/07/2011]	[13:27 20/11/2010] 6DC4A7242F565C9E9C9CCC7BB0FA75C7
C:\Windows\winsxs\x86_microsoft-windows-t..atibility.resources_31bf3856ad364e35_6.1.7600.16385_de-de_50eedac6be825442\taskcomp.dll.mui	--a---- 14848 bytes	[17:58 14/07/2009]	[17:58 14/07/2009] E758D59C883A37BBF8A72CFE431FBFB7
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.1.7600.16385_none_686b51ee3d8f48c0\taskcomp.dll	--a---- 304640 bytes	[23:30 13/07/2009]	[01:16 14/07/2009] 0D4E8439AD3159A335FA720E043EA22E
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.1.7600.16699_none_686488dc3d93c182\taskcomp.dll	--a---- 305152 bytes	[19:09 15/12/2010]	[04:40 02/11/2010] EF8808FEA65723214D79734BDB79EBF6
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.1.7600.20830_none_6926047b5688d2be\taskcomp.dll	--a---- 305152 bytes	[19:09 15/12/2010]	[04:28 02/11/2010] 1918ABE8B8670AF68D50FBCFB69FAA52
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.1.7601.17514_none_6a9c65b63a7dcc5a\taskcomp.dll	--a---- 305152 bytes	[10:25 02/07/2011]	[12:21 20/11/2010] 1C3E8371377E988B683797A132EFFE1B

Searching for "*Conduit*"
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_868510_864310_DE.xml	--a---- 157 bytes	[17:45 20/01/2012]	[17:45 20/01/2012] 9AE470807868F8CF64B80F6DC781E60F
C:\Users\Joachim\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\B72J4GRZ\storage.conduit[1].xml	--a---- 13 bytes	[18:46 06/03/2012]	[18:46 06/03/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Joachim\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WCXEHIFS\facebook.conduitapps[1].xml	--a---- 13 bytes	[18:46 06/03/2012]	[18:46 06/03/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

========== folderfind ==========

Searching for "*qvo6*"
No folders found.

Searching for "*Askcom*"
No folders found.

Searching for "*Conduit*"
C:\Users\AppData\LocalLow\Conduit	d------	[22:11 18/09/2010]

========== regfind ==========

Searching for "qvo6"
No data found.

Searching for "Askcom"
No data found.

Searching for "Conduit"
No data found.

-= EOF =-
         
Gibt bisher keine Probleme mehr mit Qvo6.com. Weder im Firefox noch im IE. Kenne aber auch kein anderes Problem, als das mit der Startseite.


Alt 01.06.2013, 15:48   #6
M-K-D-B
/// TB-Ausbilder
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



Servus,


bevor wir weitermachen, habe ich noch eine Frage:

Wurde das FF-Plugin "sparpilot" bewusst bzw. absichtlich installiert?
__________________
--> Qvo6.com-Virus

Alt 01.06.2013, 17:32   #7
K3vin
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



Also das ist hier nicht immer ganz einfach zu rekonstruieren
Aber ich denke mal eher nein. Und wenn es doch jemand mal wissentlich oder unwissentlich gemacht hat, ist es jetzt überflüssig und wird nicht mehr gebraucht...

Alt 01.06.2013, 18:03   #8
M-K-D-B
/// TB-Ausbilder
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



Servus,



alles klar.


Wir entfernen die letzten Reste und kontrollieren anschließend nochmal alles



Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
FF - prefs.js..extensions.enabledItems: engine@disabled.com:3.3.3.2
[2013.05.14 10:53:20 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\sparpilot@sparpilot.com
[2013.05.14 10:53:25 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
[2013.05.14 10:53:25 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
[2013.05.14 10:53:19 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp867b25cad114cde47b0c1237491f3b1a

:files
C:\Users\AppData\LocalLow\Conduit

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 03.06.2013, 19:24   #9
K3vin
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



OTL:
Code:
ATTFilter
OTL logfile created on: 03.06.2013 19:32:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joachim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 70,15% Memory free
7,73 Gb Paging File | 6,35 Gb Available in Paging File | 82,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 46,99 Gb Free Space | 31,53% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 136,73 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
 
Computer Name: JOACHIM-TOSH | User Name: Joachim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.01 16:20:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joachim\Desktop\OTL.exe
PRC - [2013.05.10 09:31:34 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.30 18:04:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 18:04:14 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.19 15:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012.10.15 12:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
PRC - [2012.10.15 12:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2009.10.28 11:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.09.08 23:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.05.18 16:52:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 21:02:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.30 18:04:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 18:04:14 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.19 15:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012.10.15 12:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.10 13:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.11.05 10:19:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009.10.27 20:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.10.15 17:49:56 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2009.10.06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.28 14:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.30 18:04:27 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.30 18:04:27 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.30 18:04:27 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.05 23:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.15 20:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.02 13:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.09.22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.09 00:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 18:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV - [2011.04.16 22:09:51 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009.09.22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{019CFA91-2EF4-44AB-972D-92AF2531A251}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{7C724DBA-E970-4F0E-AD87-7BB4CD9C78C3}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: 2020Player%402020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: amazon-icon%40winload.de:1.0
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: engine@disabled.com:3.3.3.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 16:52:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:52:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 16:52:16 | 000,000,000 | ---D | M]
 
[2010.08.28 05:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joachim\AppData\Roaming\mozilla\Extensions
[2013.05.28 20:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions
[2012.11.30 18:43:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.03.06 18:37:25 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\2020Player@2020Technologies.com
[2013.05.14 10:53:26 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\amazon-icon@winload.de
[2013.05.14 10:53:20 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\sparpilot@sparpilot.com
[2013.05.25 17:44:24 | 000,620,338 | ---- | M] () (No name found) -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\extensions\toolbar@web.de.xpi
[2013.05.25 17:44:26 | 000,002,418 | ---- | M] () -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\searchplugins\englische-ergebnisse.xml
[2013.05.25 17:44:26 | 000,010,701 | ---- | M] () -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\searchplugins\gmx-suche.xml
[2013.05.25 17:44:26 | 000,002,432 | ---- | M] () -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\searchplugins\lastminute.xml
[2013.05.25 17:44:26 | 000,005,682 | ---- | M] () -- C:\Users\Joachim\AppData\Roaming\mozilla\firefox\profiles\4mk1y8tf.default\searchplugins\webde-suche.xml
[2013.05.18 16:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.18 16:52:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48EC04C8-8D13-408D-83BE-06395F61E96E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE02156B-AD7D-4F4A-8D30-F8B9D6A32CB2}: DhcpNameServer = 192.168.13.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{783ab164-b7ff-11df-ace3-705ab6b860cc}\Shell - "" = AutoRun
O33 - MountPoints2\{783ab164-b7ff-11df-ace3-705ab6b860cc}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 16:20:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joachim\Desktop\OTL.exe
[2013.06.01 16:17:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.01 16:14:54 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.06.01 16:14:54 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp
[2013.06.01 16:04:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.01 16:04:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.01 16:03:36 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Joachim\Desktop\JRT.exe
[2013.05.28 20:17:03 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Joachim\Desktop\dds+.exe
[2013.05.28 19:46:47 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\DoNotTrackPlus
[2013.05.21 10:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.05.21 10:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.21 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Programs
[2013.05.18 16:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.15 22:57:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 22:57:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 22:57:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 22:57:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 22:57:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 22:57:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 22:57:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 22:57:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 22:57:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 22:57:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 22:57:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 22:57:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 22:57:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 22:57:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 22:57:43 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 18:14:57 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 18:14:56 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 18:14:34 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 18:14:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 18:14:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 18:14:33 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 18:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 18:02:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.14 10:53:25 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
[2013.05.14 10:53:25 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
[2013.05.14 10:53:19 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp867b25cad114cde47b0c1237491f3b1a
[2013.05.11 09:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.11 00:47:07 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.11 00:47:07 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.11 00:47:07 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.11 00:47:07 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.11 00:47:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.11 00:47:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.11 00:47:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.11 00:47:07 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.11 00:47:06 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.11 00:47:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.11 00:47:06 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.11 00:47:06 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.11 00:47:06 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.11 00:47:06 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.11 00:47:06 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.11 00:47:06 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.11 00:47:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.11 00:47:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.11 00:47:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.11 00:47:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.11 00:47:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.11 00:47:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.11 00:47:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.11 00:47:06 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.11 00:47:06 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.11 00:47:05 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.11 00:47:05 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.11 00:47:05 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.11 00:47:05 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.11 00:47:05 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.11 00:47:05 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.11 00:47:05 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.11 00:47:05 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.11 00:47:05 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.11 00:47:05 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.11 00:47:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.11 00:47:05 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.11 00:47:05 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.11 00:47:05 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.11 00:47:05 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.11 00:47:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.11 00:47:05 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.11 00:47:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.11 00:47:05 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.11 00:47:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.11 00:47:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.11 00:47:05 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.11 00:47:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.11 00:47:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.11 00:47:04 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.11 00:47:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.11 00:47:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.11 00:47:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.10 09:32:10 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2010.09.19 00:07:39 | 008,537,824 | ---- | C] (ashampoo GmbH & Co. KG                                      ) -- C:\Program Files (x86)\ashampoo_burning_studio_6_free_6.77_3639.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 19:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 19:13:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2316785790-3983578854-3728904588-1000UA.job
[2013.06.03 19:13:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2316785790-3983578854-3728904588-1000Core.job
[2013.06.03 19:09:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.03 18:15:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.03 18:15:07 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.03 18:15:07 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.03 18:15:07 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.03 18:15:07 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.03 11:55:51 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 11:55:51 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 11:47:36 | 3112,386,560 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 16:33:39 | 000,165,376 | ---- | M] () -- C:\Users\Joachim\Desktop\SystemLook_x64.exe
[2013.06.01 16:20:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joachim\Desktop\OTL.exe
[2013.06.01 16:12:46 | 000,526,763 | ---- | M] () -- C:\Users\Public\Desktop\sample__1612.zip
[2013.06.01 16:09:39 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.06.01 16:09:04 | 001,271,244 | ---- | M] () -- C:\Users\Joachim\Desktop\zoek.exe
[2013.06.01 16:03:42 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Joachim\Desktop\JRT.exe
[2013.05.28 20:17:09 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Joachim\Desktop\dds+.exe
[2013.05.28 20:08:35 | 000,632,031 | ---- | M] () -- C:\Users\Joachim\Desktop\adwcleaner.exe
[2013.05.16 17:41:22 | 000,343,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.14 21:02:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.14 21:02:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.11 00:47:07 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.11 00:47:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.11 00:47:07 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.11 00:47:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.11 00:47:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.11 00:47:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.11 00:47:07 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.11 00:47:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.11 00:47:06 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.11 00:47:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.11 00:47:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.11 00:47:06 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.11 00:47:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.11 00:47:06 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.11 00:47:06 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.11 00:47:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.11 00:47:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.11 00:47:06 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.11 00:47:06 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.11 00:47:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.11 00:47:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.11 00:47:06 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.11 00:47:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.11 00:47:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.11 00:47:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.11 00:47:06 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.11 00:47:05 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.11 00:47:05 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.11 00:47:05 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.11 00:47:05 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.11 00:47:05 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.11 00:47:05 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.11 00:47:05 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.11 00:47:05 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.11 00:47:05 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.11 00:47:05 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.11 00:47:05 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.11 00:47:05 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.11 00:47:05 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.11 00:47:05 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.11 00:47:05 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.11 00:47:05 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.11 00:47:05 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.11 00:47:05 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.11 00:47:05 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.11 00:47:05 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.11 00:47:05 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.11 00:47:05 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.11 00:47:05 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.11 00:47:05 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.11 00:47:04 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.11 00:47:04 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.11 00:47:04 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.11 00:47:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.11 00:47:04 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.10 09:31:41 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.01 16:33:39 | 000,165,376 | ---- | C] () -- C:\Users\Joachim\Desktop\SystemLook_x64.exe
[2013.06.01 16:14:54 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.06.01 16:12:46 | 000,526,763 | ---- | C] () -- C:\Users\Public\Desktop\sample__1612.zip
[2013.06.01 16:09:01 | 001,271,244 | ---- | C] () -- C:\Users\Joachim\Desktop\zoek.exe
[2013.05.28 20:08:29 | 000,632,031 | ---- | C] () -- C:\Users\Joachim\Desktop\adwcleaner.exe
[2013.05.11 00:47:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.11 00:47:05 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.22 17:05:19 | 000,143,569 | ---- | C] () -- C:\Windows\hpwins30.dat
[2013.02.22 17:05:19 | 000,000,682 | ---- | C] () -- C:\Windows\hpwmdl30.dat
[2011.04.16 22:17:26 | 000,000,000 | -H-- | C] () -- C:\Users\Joachim\hpothb07.tif
[2011.04.16 22:17:26 | 000,000,000 | -H-- | C] () -- C:\Users\Joachim\hpothb07.dat
[2010.08.25 08:57:55 | 000,000,367 | ---- | C] () -- C:\Users\Joachim\RecentPlaces.lnk
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< :OTL >
 
< FF - prefs.js..extensions.enabledItems: engine@disabled.com:3.3.3.2 >
 
< [2013.05.14 10:53:20 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Joachim\AppData\Roaming\mozilla\Firefox\Profiles\4mk1y8tf.default\extensions\sparpilot@sparpilot.com >
 
< [2013.05.14 10:53:25 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c >
 
< [2013.05.14 10:53:25 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13 >
 
< [2013.05.14 10:53:19 | 000,000,000 | ---D | C] -- C:\Users\Joachim\AppData\Local\Temp867b25cad114cde47b0c1237491f3b1a >
 
<  >
 
< :files >
 
< C:\Users\AppData\LocalLow\Conduit >
 
<  >
 
< :Commands >
 
< [emptytemp] >
 
<           >

< End of report >
         
MALWAREBYTES (hier konnte ich nicht "Ergebnis anzeigen" klicken; möglicherweise, weil nichts gefunden wurde?):

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Joachim :: JOACHIM-TOSH [Administrator]

Schutz: Aktiviert

03.06.2013 19:49:21
mbam-log-2013-06-03 (19-49-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223038
Laufzeit: 4 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Das wären die ersten beiden. ESET braucht ziemlich lange und läuft gerade durch. Ich gehe heim und poste die entsprechenden Sachen dann morgen ;-)

Alt 04.06.2013, 19:11   #10
M-K-D-B
/// TB-Ausbilder
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



Servus,


du sollst einen OTL-Fix machen.

Lies dir bitte meine Anleitung nochmal durch und führe OTL richtig aus...
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 09.06.2013, 09:36   #11
M-K-D-B
/// TB-Ausbilder
 
Qvo6.com-Virus - Standard

Qvo6.com-Virus



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Antwort

Themen zu Qvo6.com-Virus
adobe, amazon-icon, antivir, appdatalow, avira, cpu, defender, desktop, dll, explorer, flash player, helper, home, iexplore.exe, internet, internet browser, internet explorer, launch, mozilla, officejet, performance, problem, realtek, registrierungsdatenbank, rundll, security, software, svchost.exe, temp, usb, windows



Ähnliche Themen: Qvo6.com-Virus


  1. qvo6 virus
    Plagegeister aller Art und deren Bekämpfung - 26.11.2013 (1)
  2. QVO6-Virus eingefangen mit Win8
    Log-Analyse und Auswertung - 11.10.2013 (3)
  3. Virus QVO6
    Plagegeister aller Art und deren Bekämpfung - 06.10.2013 (3)
  4. win7,Virus qvo6,anderer Virus
    Log-Analyse und Auswertung - 06.10.2013 (39)
  5. Werde den Browser Virus qvo6 nicht los
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (6)
  6. Windows 7: qvo6 virus noch auf dem pc?
    Log-Analyse und Auswertung - 06.09.2013 (13)
  7. Wie qvo6 Virus vollständig entfernen?
    Plagegeister aller Art und deren Bekämpfung - 27.08.2013 (12)
  8. Über pdf-creator Qvo6 Virus eingefangen :(
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (13)
  9. QVO6 Virus / Firefox plötzlich verändert
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (20)
  10. qvo6 Virus
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (22)
  11. Virus/Trojaner Qvo6
    Plagegeister aller Art und deren Bekämpfung - 04.08.2013 (9)
  12. Ich bin mir unsicher, ob der Qvo6-Virus noch in meinem System ist.
    Plagegeister aller Art und deren Bekämpfung - 25.07.2013 (17)
  13. Qvo6 virus eingefangen! Kann es nicht löschen
    Log-Analyse und Auswertung - 18.07.2013 (6)
  14. qvo6 Virus läßt sich nicht entfernen
    Log-Analyse und Auswertung - 15.05.2013 (11)
  15. qvo6 virus internet explorer windows vista
    Plagegeister aller Art und deren Bekämpfung - 29.04.2013 (18)
  16. Qvo6-Virus
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (11)
  17. Sehr starke probleme mit Qvo6 - Virus!
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (11)

Zum Thema Qvo6.com-Virus - Hallo zusammen, habe auf meinem Laptop das Problem mit dem Qvo6.com-Virus. Habe schon die Schritte 1 bis 3 befolgt, die ryder in seinem Post hier http://www.trojaner-board.de/134652-...ngefangen.html beschrieben hat. Hier sind - Qvo6.com-Virus...
Archiv
Du betrachtest: Qvo6.com-Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.