Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   ein Problem gefunden,,hkey data manager toolbar,,kann es nicht löschen (https://www.trojaner-board.de/139994-problem-gefunden-hkey-data-manager-toolbar-loeschen.html)

charly1601 17.08.2013 17:06
ein Problem gefunden,,hkey data manager toolbar,,kann es nicht löschen
 
Ich glaube ich habe mir einen Trojaner eingefangenI Ich habe GMAR und Malwarebytes Anti -Rootkit Utility runtergekaden. Bin nach der Anleitung gegangen und bei den Tools hänge ich jetzt fest.Laut des Scanns habe ich keine Funde.
Ich habe hier auch einen Logfile.
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
charly1983 :: CHaARLY1983-VAIO [administrator]

17.08.2013 17:26:50
mbar-log-2013-08-17 (17-26-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 238893
Time elapsed: 12 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
ich hoffe ihr könnt mir helfen!
LG Charly:dankeschoen:

aharonov 17.08.2013 17:40
Hi,

Zitat:
Ich glaube ich habe mir einen Trojaner eingefangen
Wie kommst du denn drauf?


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


charly1601 18.08.2013 17:29
Hey,

danke für die schnelle Antwort!Freunde haben gesagt,ich hätte mir einen Spion einefangen und ich habs mal gegooglelt!Da bin ich auf Malware gestoßen .Wollte mir lieber ne professionelle Hilfe holen.
Ich werde es jetzt gleich ausprobieren.
Danke Sylvia

so der Scan ist jetzt durch.
Hier die FRST.txt
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-08-2013 01
Ran by charly1983 (administrator) on 18-08-2013 18:12:08
Running from C:\Users\charly1983\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
() C:\Program Files (x86)\WebConnect\updateWebConnect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Runonce: [Del3913799] - cmd.exe /Q /D /c del "C:\Users\CHARLY~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del3917325] - cmd.exe /Q /D /c del "C:\Users\CHARLY~1\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [HP Photosmart Plus B210 series (NET)] - C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [SCheck] - C:\Users\charly1983\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\charly1983\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [DataMgr] - C:\Users\charly1983\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.)
HKCU\...\Run: [Intermediate] - C:\Users\charly1983\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKCU\...\Runonce: [Del3913799] - cmd.exe /Q /D /c del "C:\Users\CHARLY~1\AppData\Local\Temp\0.del" [x]
HKCU\...\Runonce: [Del3917325] - cmd.exe /Q /D /c del "C:\Users\CHARLY~1\AppData\Local\Temp\0.del" [x]
MountPoints2: {bfd3b168-2fea-11e1-af54-b4277f6ef0c4} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
AppInit_DLLs:    [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sony MSS.lnk
ShortcutTarget: Sony MSS.lnk -> C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\charly1983\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = fbDownloader Search
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search
URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
URLSearchHook: (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} -  No File
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&ir=sware&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0CyEyEyDtC0DyD0E0C0AtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1506707437
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&ir=sware&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0CyEyEyDtC0DyD0E0C0AtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1506707437
SearchScopes: HKLM-x32 - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=647C90004EC4451D&affID=119357&tt=180813_220&tsp=4978
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=647C90004EC4451D&affID=119357&tt=180813_220&tsp=4978
SearchScopes: HKCU - {2A2483DB-4871-46C0-9B52-014088994C2B} URL = Shopping.com Deutschland - der große Produkt- und Preisvergleich
SearchScopes: HKCU - {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
SearchScopes: HKCU - {5A8097A9-95B8-44A5-BB98-647C95D6777B} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=17
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searc
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.chatzum.com/?q={SearchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKCU - {BBB75436-FAE2-41F8-81D6-E20B1B8CE826} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6R8D5W1R97&i=26
SearchScopes: HKCU - {D5188DF2-F36A-46D9-8F50-BDE50D0AFD77} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=9698b8fe-287a-443a-ac0d-e12fef339919&apn_sauid=51D2D3D3-B8B3-4873-A7CA-0F27C14CD3AF
SearchScopes: HKCU - {E9783D89-8707-436A-A633-3DC7D78D5E35} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files (x86)\WebConnect\WebConnectbho.dll (Web Connect)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
BHO-x32: smartdownloader Class - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\SockshareDownloader\smarterdownloader.dll (TODO: <Company name>)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - DVDvideoSoft 2.0 Toolbar - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Windows\system32\d3dynfov8.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default
FF user.js: detected! => C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\user.js
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\FBDownloader.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SearchTheWeb.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\search_the_web.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF Extension: No Name - C:\Users\charly1983\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\charly1983\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: wxDfast - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\5038a95a0190b@5038a95a01945.info
FF Extension: No Name - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\crossriderapp2258@crossrider.com
FF Extension: No Name - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\crossriderapp4479@crossrider.com
FF Extension: No Name - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\crossriderapp5060@crossrider.com
FF Extension: incredibar.com - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\ffxtlbr@incredibar.com
FF Extension: softonic.com - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\ffxtlbra@softonic.com
FF Extension: SpecialSavings - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\specialsavings@superfish.com
FF Extension: No Name - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\staged
FF Extension: MediaBar - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
FF Extension: ftd - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\ftd@ftd.com.xpi
FF Extension: socksharedownloader - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\Extensions\socksharedownloader@socksharedownloader.com.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [5038a95a0190b@5038a95a01945.info] C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\5038a95a0190b@5038a95a01945.info
FF Extension: wxDfast - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\5038a95a0190b@5038a95a01945.info
FF HKCU\...\Firefox\Extensions: [specialsavings@superfish.com] C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles/tn4v7yf6.default\extensions\specialsavings@superfish.com
FF Extension: SpecialSavings - C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles/tn4v7yf6.default\extensions\specialsavings@superfish.com

Chrome:
=======
CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=647C90004EC4451D&affID=119357&tt=180813_220&tsp=4978
CHR RestoreOnStartup: "hxxp://google.de/"
CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=647C90004EC4451D&affID=119357&tt=180813_220&tsp=4978
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\CHARLY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WebConnect) - C:\Users\CHARLY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_1
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - C:\Users\charly1983\AppData\Local\CRE\bhphemoobgnikcoofkgackkaimpfmenm.crx
CHR HKLM-x32\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\charly1983\AppData\Local\MediaBA\betterads.crx
CHR HKLM-x32\...\Chrome\Extension: [caloheeledhajihipjihanmihhegodlc] - C:\Users\charly1983\AppData\Local\CRE\caloheeledhajihipjihanmihhegodlc.crx
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\charly1983\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\charly1983\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx
CHR HKLM-x32\...\Chrome\Extension: [hchjefioipobhcjbdaaigbpmjgccoeco] - C:\Users\charly1983\AppData\Local\CRE\hchjefioipobhcjbdaaigbpmjgccoeco.crx
CHR HKLM-x32\...\Chrome\Extension: [ieakfmpjhljbpbfpldjkddkjmmgjmgon] - C:\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\charly1983\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx
CHR HKLM-x32\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files (x86)\SockshareDownloader\SockshareDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\charly1983\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-18] (Avira Operations GmbH & Co. KG)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.)
S2 LanmanWorkstation; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R2 Update WK; C:\Program Files (x86)\WebConnect\updateWebConnect.exe [199976 2013-08-17] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1359408 2013-03-26] (Sony Corporation)
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-11] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt; system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS; \SystemRoot\system32\drivers\btath_bus.sys [x]
S3 BTATH_HCRP; \SystemRoot\system32\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP; \SystemRoot\system32\drivers\btath_rcp.sys [x]
S3 BtFilter; system32\DRIVERS\btfilter.sys [x]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-18 18:10 - 2013-08-18 18:10 - 01575812 _____ (Farbar) C:\Users\charly1983\Downloads\FRST64.exe
2013-08-18 18:00 - 2013-08-18 18:04 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-18 18:00 - 2013-08-18 18:03 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\BabSolution
2013-08-18 18:00 - 2013-08-18 18:00 - 00003278 _____ C:\Windows\System32\Tasks\Dealply
2013-08-18 18:00 - 2013-08-18 18:00 - 00003274 _____ C:\Windows\System32\Tasks\DSite
2013-08-18 18:00 - 2013-08-18 18:00 - 00000314 _____ C:\Windows\Tasks\Dealply.job
2013-08-18 18:00 - 2013-08-18 18:00 - 00000310 _____ C:\Windows\Tasks\DSite.job
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\DSite
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Dealply
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Babylon
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Users\CHARLY~1\AppData\Local\DealPlyLive
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Program Files (x86)\WebConnect
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-08-18 17:58 - 2013-08-18 17:58 - 00714352 _____ C:\Users\charly1983\Downloads\ZipOpenerSetup.exe
2013-08-17 18:03 - 2013-08-17 18:03 - 00003619 _____ C:\Users\charly1983\Downloads\gmer.txt
2013-08-17 17:29 - 2013-08-17 17:29 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Avira
2013-08-17 17:26 - 2013-08-17 17:58 - 00000000 ____D C:\Users\charly1983\Desktop\mbar
2013-08-17 17:26 - 2013-08-17 17:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-17 17:25 - 2013-08-17 17:25 - 12081912 _____ (Malwarebytes Corp.) C:\Users\charly1983\Downloads\mbar-1.06.1.1005.exe
2013-08-17 17:25 - 2013-08-17 17:24 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-17 17:23 - 2013-08-17 17:23 - 00002076 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-17 17:23 - 2013-08-17 17:23 - 00000000 ____D C:\ProgramData\Avira
2013-08-17 17:23 - 2013-08-17 17:23 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-17 17:23 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-17 17:23 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-17 17:23 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-17 17:17 - 2013-08-17 17:22 - 110344048 _____ C:\Users\charly1983\Downloads\avira_free_antivirus85_de.exe
2013-08-17 16:07 - 2013-08-17 16:07 - 00377856 _____ C:\Users\charly1983\Downloads\rt890wfv.exe
2013-08-17 15:14 - 2013-08-17 15:14 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Malwarebytes
2013-08-17 15:14 - 2013-08-17 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 15:11 - 2013-08-17 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\charly1983\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-15 03:38 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:38 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:38 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:38 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:38 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:38 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:38 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:38 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:38 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:38 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:38 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:38 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:38 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:38 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:08 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 03:08 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 03:08 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 03:08 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 03:08 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 03:08 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 03:08 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 03:08 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 03:08 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 03:08 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 03:08 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 03:08 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 03:08 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 03:08 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 03:08 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 03:08 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 03:08 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 03:08 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 03:08 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 03:08 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 03:08 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 03:08 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 03:08 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 03:08 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 03:08 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 03:07 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 03:07 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 19:53 - 2013-08-11 20:28 - 00000000 ____D C:\Users\charly1983\Desktop\musik
2013-08-11 17:12 - 2013-08-11 17:12 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-08-11 17:12 - 2013-08-11 17:12 - 00000000 ____D C:\Users\charly1983\Documents\StarBurn
2013-08-11 17:12 - 2013-08-11 17:12 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\StarBurn
2013-08-11 17:11 - 2013-08-11 17:11 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\MediaFilters
2013-08-11 17:11 - 2013-08-11 17:11 - 00000000 ____D C:\Program Files (x86)\StarBurn Software
2013-08-11 17:07 - 2013-08-11 17:09 - 20811512 _____ (StarBurn Software                                          ) C:\Users\charly1983\Downloads\StarBurn151Setup.exe
2013-08-11 16:58 - 2013-08-11 17:02 - 32747816 _____ (Nero AG) C:\Users\charly1983\Downloads\Nero_BurnLite-10.0.10600.exe
2013-08-11 16:48 - 2013-08-11 16:49 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\DeepBurner
2013-08-11 16:47 - 2013-08-11 16:47 - 00000000 ____D C:\Users\charly1983\Downloads\DeepBurner19_Portable
2013-08-11 16:47 - 2008-03-18 12:56 - 00000033 _____ C:\Users\charly1983\Documents\INSTALL.LOG
2013-08-11 16:47 - 2008-03-11 15:21 - 03739136 _____ (Astonsoft) C:\Users\charly1983\Documents\DeepBurner.exe
2013-08-11 16:47 - 2008-03-07 00:59 - 00072756 _____ C:\Users\charly1983\Documents\DeepBurner.lng
2013-08-11 16:47 - 2006-03-15 23:29 - 00005421 _____ C:\Users\charly1983\Documents\License.txt
2013-08-11 16:47 - 2005-10-06 20:36 - 00092216 _____ (Un4seen Developments) C:\Users\charly1983\Documents\bass.dll
2013-08-11 16:47 - 2005-08-12 12:54 - 00001482 _____ C:\Users\charly1983\Documents\DeepBurner.log
2013-08-11 16:47 - 2005-07-26 19:55 - 00000000 ____D C:\Users\charly1983\Documents\Images
2013-08-11 16:47 - 2005-07-26 19:55 - 00000000 ____D C:\Users\charly1983\Documents\Autorun
2013-08-11 16:47 - 2005-03-28 00:45 - 00000539 _____ C:\Users\charly1983\Documents\deepburner.exe.manifest
2013-08-11 16:47 - 2004-10-16 12:03 - 00643984 _____ C:\Users\charly1983\Documents\BurnerHelp.chm
2013-08-11 16:47 - 2004-03-16 17:13 - 00003789 _____ C:\Users\charly1983\Documents\Readme.txt
2013-08-11 16:47 - 2004-02-19 23:41 - 00001794 _____ C:\Users\charly1983\Documents\DefLang.ini
2013-08-11 16:47 - 2003-12-07 14:24 - 00085610 _____ C:\Users\charly1983\Documents\DefaultSound.wav
2013-08-11 16:47 - 2003-08-30 16:50 - 00199168 _____ C:\Users\charly1983\Documents\Uninstall.exe
2013-08-11 16:46 - 2013-08-11 16:47 - 03074362 _____ C:\Users\charly1983\Downloads\DeepBurner19_Portable.zip
2013-08-11 16:40 - 2013-08-11 16:40 - 01207896 _____ (Koyote-Lab Inc) C:\Users\charly1983\Downloads\FreeEasyCDDVDBurnerSetup-r101-w-bc (3).exe
2013-08-11 15:42 - 2013-08-11 15:42 - 01207896 _____ (Koyote-Lab Inc) C:\Users\charly1983\Downloads\FreeEasyCDDVDBurnerSetup-r101-w-bc (2).exe
2013-08-11 15:23 - 2013-08-11 15:23 - 01207896 _____ (Koyote-Lab Inc) C:\Users\charly1983\Downloads\FreeEasyCDDVDBurnerSetup-r101-w-bc (1).exe
2013-08-11 15:21 - 2013-08-11 15:21 - 01207896 _____ (Koyote-Lab Inc) C:\Users\charly1983\Downloads\FreeEasyCDDVDBurnerSetup-r101-w-bc.exe
2013-08-11 15:21 - 2013-08-11 15:21 - 00000000 ____D C:\Program Files (x86)\Free Easy CD DVD Burner
2013-08-11 15:10 - 2013-08-11 15:12 - 33177736 _____ (Nero AG) C:\Users\charly1983\Downloads\Nero-9.4.12.708b_lite.exe
2013-08-11 14:47 - 2013-08-11 14:47 - 03292672 _____ (CodeSnake Software) C:\Users\charly1983\Downloads\ExploreBurnSetup-1.5.3.exe
2013-07-28 23:03 - 2013-07-31 21:02 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-28 23:01 - 2013-07-28 23:01 - 00784872 _____ (Google Inc.) C:\Users\charly1983\Downloads\ChromeSetup.exe
2013-07-28 22:13 - 2013-07-28 22:13 - 00000013 _____ C:\Users\charly1983\www.google[1].xml
2013-07-28 22:12 - 2013-07-28 22:12 - 03667825 _____ C:\Users\charly1983\Trace9.fx
2013-07-28 22:12 - 2013-07-28 22:12 - 00784664 _____ (Google Inc.) C:\Users\charly1983\GoogleUpdateSetup.exef4430
2013-07-28 22:12 - 2013-07-28 22:12 - 00524288 _____ C:\Users\charly1983\WebCacheV01.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00399035 _____ (Microsoft Corporation) C:\Users\charly1983\00000000-405FD5F1.av$
2013-07-28 22:12 - 2013-07-28 22:12 - 00156962 _____ C:\Users\charly1983\Preferences~RF140c30.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00085260 _____ C:\Users\charly1983\jquery-1.5.1.min.js
2013-07-28 22:12 - 2013-07-28 22:12 - 00065536 _____ C:\Users\charly1983\tmp.edb
2013-07-28 22:12 - 2013-07-28 22:12 - 00046786 _____ C:\Users\charly1983\20130624_Double%20Play_CallandSurfComfort_VDSL_Motiv%20Pferderennen_728x90_02_online[1].swf
2013-07-28 22:12 - 2013-07-28 22:12 - 00045199 _____ C:\Users\charly1983\Local State~RF13fb4f.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00044544 _____ C:\Users\charly1983\o2dsl_xx_vdsl_ca_300x250[1].swf
2013-07-28 22:12 - 2013-07-28 22:12 - 00041902 _____ C:\Users\charly1983\square.xcf
2013-07-28 22:12 - 2013-07-28 22:12 - 00040766 _____ C:\Users\charly1983\Upd-2013-07-24-14-34-23.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00039793 _____ C:\Users\charly1983\03a111f3-3cfc-4160-93ea-2984878c0322[1].swf
2013-07-28 22:12 - 2013-07-28 22:12 - 00032768 _____ C:\Users\charly1983\places.sqlite-shm
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E57E.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E56D.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E56C.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E56B.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E56A.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E569.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E568.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\B315.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\B314.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\B313.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00026288 _____ C:\Users\charly1983\Upd-2013-07-20-14-15-40.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00025188 _____ C:\Users\charly1983\Upd-2013-07-21-21-19-20.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00023260 _____ C:\Users\charly1983\Upd-2013-07-24-20-45-59.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00021836 _____ C:\Users\charly1983\icon.xcf
2013-07-28 22:12 - 2013-07-28 22:12 - 00019988 _____ C:\Users\charly1983\d0ab9eb062e2c52d.customDestinations-ms~RF13e55f.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00019238 _____ C:\Users\charly1983\2013.06.20_Double%20Play_CallandSurfComfort_Motiv%20Mouse_300x250_2_online[1].swf
2013-07-28 22:12 - 2013-07-28 22:12 - 00011222 _____ C:\Users\charly1983\Upd-2013-07-25-22-20-17.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00010654 _____ C:\Users\charly1983\frameiconcache.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00009828 _____ C:\Users\charly1983\tabiconcache.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00006764 _____ C:\Users\charly1983\avira-notifier-6944975[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00006324 _____ C:\Users\charly1983\main-v.1.3.5.css
2013-07-28 22:12 - 2013-07-28 22:12 - 00005248 _____ C:\Users\charly1983\newtab.css
2013-07-28 22:12 - 2013-07-28 22:12 - 00005149 _____ C:\Users\charly1983\1[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00005120 _____ C:\Users\charly1983\{E9BFD33A-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00005120 _____ C:\Users\charly1983\{E9BFAC2A-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00004955 _____ C:\Users\charly1983\stats.js
2013-07-28 22:12 - 2013-07-28 22:12 - 00004608 _____ C:\Users\charly1983\RecoveryStore.{D6AFC02E-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00003843 _____ C:\Users\charly1983\28c8b86deab549a1.customDestinations-ms~RF1ac754.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\https_x.myspacecdn.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\https_www.facebook.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\https_www.amazon.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\https_myspace.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_www.wie-sagt-man-noch.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_synonyme.woxikon.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_imagesrv.adition.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_gft2.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_de.wikipedia.org_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_ad.adnet.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003596 _____ C:\Users\charly1983\Upd-2013-07-28-01-31-58.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00003584 _____ C:\Users\charly1983\RecoveryStore.{E9BFD339-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00003584 _____ C:\Users\charly1983\RecoveryStore.{E9BFAC29-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_x.myspacecdn.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_www.facebook.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_www.amazon.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_myspace.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_chrome.google.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_www.wie-sagt-man-noch.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_synonyme.woxikon.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_imagesrv.adition.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_gft2.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_de.wikipedia.org_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_ad.adnet.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00002848 _____ C:\Users\charly1983\Weka_800x600_standardt_MCT[2].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00002848 _____ C:\Users\charly1983\Weka_800x600_standardt_MCT[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00002766 _____ C:\Users\charly1983\universal[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00002698 _____ C:\Users\charly1983\ZipFileLicense.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00002516 _____ C:\Users\charly1983\MpCmdRun.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00002066 _____ C:\Users\charly1983\ie8[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00001722 _____ C:\Users\charly1983\index_quer2[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00001471 _____ C:\Users\charly1983\1[2].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00001349 _____ C:\Users\charly1983\clip_image001.emz
2013-07-28 22:12 - 2013-07-28 22:12 - 00001163 _____ C:\Users\charly1983\004353.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00001093 _____ C:\Users\charly1983\notifier_avira_com[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000892 _____ C:\Users\charly1983\NVLSBT49.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000699 _____ C:\Users\charly1983\CZbackground.html
2013-07-28 22:12 - 2013-07-28 22:12 - 00000669 _____ C:\Users\charly1983\vcm_platzhalter_300x250[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000668 _____ C:\Users\charly1983\vcm_platzhalter_728x90[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000656 _____ C:\Users\charly1983\manifest.json
2013-07-28 22:12 - 2013-07-28 22:12 - 00000556 _____ C:\Users\charly1983\TransportSecurity~RF13fc77.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000532 _____ C:\Users\charly1983\8YU6O5MV.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000512 _____ C:\Users\charly1983\https_chrome.google.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00000496 _____ C:\Users\charly1983\newtab.html
2013-07-28 22:12 - 2013-07-28 22:12 - 00000465 _____ C:\Users\charly1983\settings.sol
2013-07-28 22:12 - 2013-07-28 22:12 - 00000355 _____ C:\Users\charly1983\HZR8X5C6.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000331 _____ C:\Users\charly1983\AF_zalando_outlet_400x535[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000301 _____ C:\Users\charly1983\2GO0BW9S.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000231 _____ C:\Users\charly1983\springer_50-50[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000230 _____ C:\Users\charly1983\settings.json
2013-07-28 22:12 - 2013-07-28 22:12 - 00000226 _____ C:\Users\charly1983\GTSV3822.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000188 _____ C:\Users\charly1983\Default[1].aspx
2013-07-28 22:12 - 2013-07-28 22:12 - 00000187 _____ C:\Users\charly1983\background.html
2013-07-28 22:12 - 2013-07-28 22:12 - 00000172 _____ C:\Users\charly1983\LDHQU6AW.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000146 _____ C:\Users\charly1983\FX8OL02O.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000134 _____ C:\Users\charly1983\H0CE7LV6.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000112 _____ C:\Users\charly1983\9K5Q3KL2.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000103 _____ C:\Users\charly1983\SnackTV.sol
2013-07-28 22:12 - 2013-07-28 22:12 - 00000090 _____ C:\Users\charly1983\VCRBGFPV.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000089 _____ C:\Users\charly1983\7PWAZE0O.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000088 _____ C:\Users\charly1983\redirect.html
2013-07-28 22:12 - 2013-07-28 22:12 - 00000086 _____ C:\Users\charly1983\AYOIKY53.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000085 _____ C:\Users\charly1983\ZC9GYH5G.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000085 _____ C:\Users\charly1983\CUP14R7N.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000084 _____ C:\Users\charly1983\secure.img-cdn.mediaplex[1].xml
2013-07-28 22:12 - 2013-07-28 22:12 - 00000043 _____ C:\Users\charly1983\gif[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000038 _____ C:\Users\charly1983\000934.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00000016 _____ C:\Users\charly1983\CURRENT~RF1606c4.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000016 _____ C:\Users\charly1983\CURRENT~RF15ee64.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000016 _____ C:\Users\charly1983\CURRENT~RF15e8a9.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000008 _____ C:\Users\charly1983\PLAB.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00000001 _____ C:\Users\charly1983\softupdate[4].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000001 _____ C:\Users\charly1983\softupdate[3].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 ___HT C:\Users\charly1983\Preferences~RF13e12a.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 ___HT C:\Users\charly1983\CURRENT~RF73f9e.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\EtwRTMsMpPsSession7.etl
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\DMI4AB5.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\container.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\B312.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\003815.log
2013-07-28 20:47 - 2013-07-28 20:47 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\337 Wallpaper
2013-07-28 20:41 - 2013-07-28 22:54 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Omiga Plus
2013-07-28 20:41 - 2013-07-28 20:49 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-28 20:41 - 2013-07-28 20:42 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\337
2013-07-28 20:41 - 2013-07-28 20:41 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\WinZipper
2013-07-28 20:38 - 2013-07-28 22:54 - 00000000 ____D C:\ProgramData\eSafe
2013-07-21 22:00 - 2013-07-21 22:00 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job

==================== One Month Modified Files and Folders =======

2013-08-18 18:11 - 2013-08-18 18:11 - 00000000 ____D C:\FRST
2013-08-18 18:10 - 2013-08-18 18:10 - 01575812 _____ (Farbar) C:\Users\charly1983\Downloads\FRST64.exe
2013-08-18 18:05 - 2013-08-18 18:00 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-08-18 18:04 - 2013-08-18 18:00 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-18 18:03 - 2013-08-18 18:00 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\BabSolution
2013-08-18 18:02 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-18 18:02 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-18 18:01 - 2013-07-18 22:51 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-18 18:00 - 2013-08-18 18:00 - 00003278 _____ C:\Windows\System32\Tasks\Dealply
2013-08-18 18:00 - 2013-08-18 18:00 - 00003274 _____ C:\Windows\System32\Tasks\DSite
2013-08-18 18:00 - 2013-08-18 18:00 - 00000314 _____ C:\Windows\Tasks\Dealply.job
2013-08-18 18:00 - 2013-08-18 18:00 - 00000310 _____ C:\Windows\Tasks\DSite.job
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\DSite
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Dealply
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Babylon
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Users\CHARLY~1\AppData\Local\DealPlyLive
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-18 18:00 - 2013-08-18 18:00 - 00000000 ____D C:\Program Files (x86)\WebConnect
2013-08-18 17:58 - 2013-08-18 17:58 - 00714352 _____ C:\Users\charly1983\Downloads\ZipOpenerSetup.exe
2013-08-18 17:28 - 2012-05-16 23:04 - 00000000 ____D C:\Users\CHARLY~1\AppData\Local\PokerStars.EU
2013-08-18 17:27 - 2012-09-07 01:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-18 16:59 - 2011-09-01 19:37 - 01776343 _____ C:\Windows\WindowsUpdate.log
2013-08-18 16:55 - 2013-07-18 22:51 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-18 16:55 - 2013-01-31 02:51 - 00029046 _____ C:\Windows\setupact.log
2013-08-18 16:55 - 2012-11-01 23:33 - 00000336 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-08-18 16:55 - 2011-05-19 09:35 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-18 16:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 08:58 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 03:54 - 2013-03-19 16:54 - 00003978 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{46E56FE1-E8A7-447D-9D05-4CACB0A4FEED}
2013-08-18 03:49 - 2013-01-31 02:51 - 00217850 _____ C:\Windows\PFRO.log
2013-08-17 18:03 - 2013-08-17 18:03 - 00003619 _____ C:\Users\charly1983\Downloads\gmer.txt
2013-08-17 17:58 - 2013-08-17 17:26 - 00000000 ____D C:\Users\charly1983\Desktop\mbar
2013-08-17 17:39 - 2013-08-17 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-17 17:29 - 2013-08-17 17:29 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Avira
2013-08-17 17:25 - 2013-08-17 17:25 - 12081912 _____ (Malwarebytes Corp.) C:\Users\charly1983\Downloads\mbar-1.06.1.1005.exe
2013-08-17 17:24 - 2013-08-17 17:25 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-17 17:23 - 2013-08-17 17:23 - 00002076 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-17 17:23 - 2013-08-17 17:23 - 00000000 ____D C:\ProgramData\Avira
2013-08-17 17:23 - 2013-08-17 17:23 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-17 17:22 - 2013-08-17 17:17 - 110344048 _____ C:\Users\charly1983\Downloads\avira_free_antivirus85_de.exe
2013-08-17 16:07 - 2013-08-17 16:07 - 00377856 _____ C:\Users\charly1983\Downloads\rt890wfv.exe
2013-08-17 15:14 - 2013-08-17 15:14 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Malwarebytes
2013-08-17 15:14 - 2013-08-17 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 15:12 - 2013-08-17 15:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\charly1983\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-15 03:35 - 2011-05-19 19:14 - 00697082 _____ C:\Windows\system32\perfh007.dat
2013-08-15 03:35 - 2011-05-19 19:14 - 00148346 _____ C:\Windows\system32\perfc007.dat
2013-08-15 03:35 - 2009-07-14 07:13 - 01635332 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-11 20:28 - 2013-08-11 19:53 - 00000000 ____D C:\Users\charly1983\Desktop\musik
2013-08-11 19:13 - 2012-09-14 01:58 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\vlc
2013-08-11 17:36 - 2011-09-30 00:54 - 00000000 ____D C:\Users\CHARLY~1\AppData\Local\CrashDumps
2013-08-11 17:12 - 2013-08-11 17:12 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-08-11 17:12 - 2013-08-11 17:12 - 00000000 ____D C:\Users\charly1983\Documents\StarBurn
2013-08-11 17:12 - 2013-08-11 17:12 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\StarBurn
2013-08-11 17:11 - 2013-08-11 17:11 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\MediaFilters
2013-08-11 17:11 - 2013-08-11 17:11 - 00000000 ____D C:\Program Files (x86)\StarBurn Software
2013-08-11 17:09 - 2013-08-11 17:07 - 20811512 _____ (StarBurn Software                                          ) C:\Users\charly1983\Downloads\StarBurn151Setup.exe
2013-08-11 17:02 - 2013-08-11 16:58 - 32747816 _____ (Nero AG) C:\Users\charly1983\Downloads\Nero_BurnLite-10.0.10600.exe
2013-08-11 16:49 - 2013-08-11 16:48 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\DeepBurner
2013-08-11 16:47 - 2013-08-11 16:47 - 00000000 ____D C:\Users\charly1983\Downloads\DeepBurner19_Portable
2013-08-11 16:47 - 2013-08-11 16:46 - 03074362 _____ C:\Users\charly1983\Downloads\DeepBurner19_Portable.zip
2013-08-11 16:40 - 2013-08-11 16:40 - 01207896 _____ (Koyote-Lab Inc) C:\Users\charly1983\Downloads\FreeEasyCDDVDBurnerSetup-r101-w-bc (3).exe
2013-08-11 15:42 - 2013-08-11 15:42 - 01207896 _____ (Koyote-Lab Inc) C:\Users\charly1983\Downloads\FreeEasyCDDVDBurnerSetup-r101-w-bc (2).exe
2013-08-11 15:23 - 2013-08-11 15:23 - 01207896 _____ (Koyote-Lab Inc) C:\Users\charly1983\Downloads\FreeEasyCDDVDBurnerSetup-r101-w-bc (1).exe
2013-08-11 15:21 - 2013-08-11 15:21 - 01207896 _____ (Koyote-Lab Inc) C:\Users\charly1983\Downloads\FreeEasyCDDVDBurnerSetup-r101-w-bc.exe
2013-08-11 15:21 - 2013-08-11 15:21 - 00000000 ____D C:\Program Files (x86)\Free Easy CD DVD Burner
2013-08-11 15:12 - 2013-08-11 15:10 - 33177736 _____ (Nero AG) C:\Users\charly1983\Downloads\Nero-9.4.12.708b_lite.exe
2013-08-11 14:47 - 2013-08-11 14:47 - 03292672 _____ (CodeSnake Software) C:\Users\charly1983\Downloads\ExploreBurnSetup-1.5.3.exe
2013-08-05 20:02 - 2013-02-13 10:33 - 00000000 ____D C:\Users\CHARLY~1\AppData\Local\Microsoft Help
2013-07-31 21:02 - 2013-07-28 23:03 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-28 23:08 - 2011-09-25 22:20 - 00000000 ____D C:\Users\CHARLY~1\AppData\Local\Google
2013-07-28 23:03 - 2013-07-18 22:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-28 23:01 - 2013-07-28 23:01 - 00784872 _____ (Google Inc.) C:\Users\charly1983\Downloads\ChromeSetup.exe
2013-07-28 22:56 - 2011-09-01 20:53 - 00000000 ____D C:\Users\charly1983
2013-07-28 22:54 - 2013-07-28 20:41 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\Omiga Plus
2013-07-28 22:54 - 2013-07-28 20:38 - 00000000 ____D C:\ProgramData\eSafe
2013-07-28 22:54 - 2012-11-01 23:32 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-07-28 22:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-28 22:13 - 2013-07-28 22:13 - 00000013 _____ C:\Users\charly1983\www.google[1].xml
2013-07-28 22:12 - 2013-07-28 22:12 - 03667825 _____ C:\Users\charly1983\Trace9.fx
2013-07-28 22:12 - 2013-07-28 22:12 - 00784664 _____ (Google Inc.) C:\Users\charly1983\GoogleUpdateSetup.exef4430
2013-07-28 22:12 - 2013-07-28 22:12 - 00524288 _____ C:\Users\charly1983\WebCacheV01.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00399035 _____ (Microsoft Corporation) C:\Users\charly1983\00000000-405FD5F1.av$
2013-07-28 22:12 - 2013-07-28 22:12 - 00156962 _____ C:\Users\charly1983\Preferences~RF140c30.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00085260 _____ C:\Users\charly1983\jquery-1.5.1.min.js
2013-07-28 22:12 - 2013-07-28 22:12 - 00065536 _____ C:\Users\charly1983\tmp.edb
2013-07-28 22:12 - 2013-07-28 22:12 - 00046786 _____ C:\Users\charly1983\20130624_Double%20Play_CallandSurfComfort_VDSL_Motiv%20Pferderennen_728x90_02_online[1].swf
2013-07-28 22:12 - 2013-07-28 22:12 - 00045199 _____ C:\Users\charly1983\Local State~RF13fb4f.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00044544 _____ C:\Users\charly1983\o2dsl_xx_vdsl_ca_300x250[1].swf
2013-07-28 22:12 - 2013-07-28 22:12 - 00041902 _____ C:\Users\charly1983\square.xcf
2013-07-28 22:12 - 2013-07-28 22:12 - 00040766 _____ C:\Users\charly1983\Upd-2013-07-24-14-34-23.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00039793 _____ C:\Users\charly1983\03a111f3-3cfc-4160-93ea-2984878c0322[1].swf
2013-07-28 22:12 - 2013-07-28 22:12 - 00032768 _____ C:\Users\charly1983\places.sqlite-shm
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E57E.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E56D.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E56C.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E56B.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E56A.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E569.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\E568.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\B315.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\B314.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00028134 _____ C:\Users\charly1983\B313.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00026288 _____ C:\Users\charly1983\Upd-2013-07-20-14-15-40.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00025188 _____ C:\Users\charly1983\Upd-2013-07-21-21-19-20.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00023260 _____ C:\Users\charly1983\Upd-2013-07-24-20-45-59.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00021836 _____ C:\Users\charly1983\icon.xcf
2013-07-28 22:12 - 2013-07-28 22:12 - 00019988 _____ C:\Users\charly1983\d0ab9eb062e2c52d.customDestinations-ms~RF13e55f.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00019238 _____ C:\Users\charly1983\2013.06.20_Double%20Play_CallandSurfComfort_Motiv%20Mouse_300x250_2_online[1].swf
2013-07-28 22:12 - 2013-07-28 22:12 - 00011222 _____ C:\Users\charly1983\Upd-2013-07-25-22-20-17.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00010654 _____ C:\Users\charly1983\frameiconcache.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00009828 _____ C:\Users\charly1983\tabiconcache.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00006764 _____ C:\Users\charly1983\avira-notifier-6944975[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00006324 _____ C:\Users\charly1983\main-v.1.3.5.css
2013-07-28 22:12 - 2013-07-28 22:12 - 00005248 _____ C:\Users\charly1983\newtab.css
2013-07-28 22:12 - 2013-07-28 22:12 - 00005149 _____ C:\Users\charly1983\1[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00005120 _____ C:\Users\charly1983\{E9BFD33A-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00005120 _____ C:\Users\charly1983\{E9BFAC2A-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00004955 _____ C:\Users\charly1983\stats.js
2013-07-28 22:12 - 2013-07-28 22:12 - 00004608 _____ C:\Users\charly1983\RecoveryStore.{D6AFC02E-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00003843 _____ C:\Users\charly1983\28c8b86deab549a1.customDestinations-ms~RF1ac754.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\https_x.myspacecdn.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\https_www.facebook.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\https_www.amazon.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\https_myspace.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_www.wie-sagt-man-noch.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_synonyme.woxikon.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_imagesrv.adition.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_gft2.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_de.wikipedia.org_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003608 _____ C:\Users\charly1983\http_ad.adnet.de_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00003596 _____ C:\Users\charly1983\Upd-2013-07-28-01-31-58.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00003584 _____ C:\Users\charly1983\RecoveryStore.{E9BFD339-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00003584 _____ C:\Users\charly1983\RecoveryStore.{E9BFAC29-7386-11E2-97F9-78843CE3C286}.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_x.myspacecdn.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_www.facebook.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_www.amazon.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_myspace.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\https_chrome.google.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_www.wie-sagt-man-noch.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_synonyme.woxikon.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_imagesrv.adition.com_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_gft2.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_de.wikipedia.org_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00003072 _____ C:\Users\charly1983\http_ad.adnet.de_0.localstorage
2013-07-28 22:12 - 2013-07-28 22:12 - 00002848 _____ C:\Users\charly1983\Weka_800x600_standardt_MCT[2].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00002848 _____ C:\Users\charly1983\Weka_800x600_standardt_MCT[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00002766 _____ C:\Users\charly1983\universal[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00002698 _____ C:\Users\charly1983\ZipFileLicense.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00002516 _____ C:\Users\charly1983\MpCmdRun.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00002066 _____ C:\Users\charly1983\ie8[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00001722 _____ C:\Users\charly1983\index_quer2[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00001471 _____ C:\Users\charly1983\1[2].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00001349 _____ C:\Users\charly1983\clip_image001.emz
2013-07-28 22:12 - 2013-07-28 22:12 - 00001163 _____ C:\Users\charly1983\004353.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00001093 _____ C:\Users\charly1983\notifier_avira_com[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000892 _____ C:\Users\charly1983\NVLSBT49.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000699 _____ C:\Users\charly1983\CZbackground.html
2013-07-28 22:12 - 2013-07-28 22:12 - 00000669 _____ C:\Users\charly1983\vcm_platzhalter_300x250[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000668 _____ C:\Users\charly1983\vcm_platzhalter_728x90[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000656 _____ C:\Users\charly1983\manifest.json
2013-07-28 22:12 - 2013-07-28 22:12 - 00000556 _____ C:\Users\charly1983\TransportSecurity~RF13fc77.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000532 _____ C:\Users\charly1983\8YU6O5MV.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000512 _____ C:\Users\charly1983\https_chrome.google.com_0.localstorage-journal
2013-07-28 22:12 - 2013-07-28 22:12 - 00000496 _____ C:\Users\charly1983\newtab.html
2013-07-28 22:12 - 2013-07-28 22:12 - 00000465 _____ C:\Users\charly1983\settings.sol
2013-07-28 22:12 - 2013-07-28 22:12 - 00000355 _____ C:\Users\charly1983\HZR8X5C6.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000331 _____ C:\Users\charly1983\AF_zalando_outlet_400x535[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000301 _____ C:\Users\charly1983\2GO0BW9S.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000231 _____ C:\Users\charly1983\springer_50-50[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000230 _____ C:\Users\charly1983\settings.json
2013-07-28 22:12 - 2013-07-28 22:12 - 00000226 _____ C:\Users\charly1983\GTSV3822.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000188 _____ C:\Users\charly1983\Default[1].aspx
2013-07-28 22:12 - 2013-07-28 22:12 - 00000187 _____ C:\Users\charly1983\background.html
2013-07-28 22:12 - 2013-07-28 22:12 - 00000172 _____ C:\Users\charly1983\LDHQU6AW.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000146 _____ C:\Users\charly1983\FX8OL02O.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000134 _____ C:\Users\charly1983\H0CE7LV6.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000112 _____ C:\Users\charly1983\9K5Q3KL2.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000103 _____ C:\Users\charly1983\SnackTV.sol
2013-07-28 22:12 - 2013-07-28 22:12 - 00000090 _____ C:\Users\charly1983\VCRBGFPV.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000089 _____ C:\Users\charly1983\7PWAZE0O.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000088 _____ C:\Users\charly1983\redirect.html
2013-07-28 22:12 - 2013-07-28 22:12 - 00000086 _____ C:\Users\charly1983\AYOIKY53.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000085 _____ C:\Users\charly1983\ZC9GYH5G.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000085 _____ C:\Users\charly1983\CUP14R7N.txt
2013-07-28 22:12 - 2013-07-28 22:12 - 00000084 _____ C:\Users\charly1983\secure.img-cdn.mediaplex[1].xml
2013-07-28 22:12 - 2013-07-28 22:12 - 00000043 _____ C:\Users\charly1983\gif[1].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000038 _____ C:\Users\charly1983\000934.log
2013-07-28 22:12 - 2013-07-28 22:12 - 00000016 _____ C:\Users\charly1983\CURRENT~RF1606c4.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000016 _____ C:\Users\charly1983\CURRENT~RF15ee64.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000016 _____ C:\Users\charly1983\CURRENT~RF15e8a9.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000008 _____ C:\Users\charly1983\PLAB.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00000001 _____ C:\Users\charly1983\softupdate[4].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000001 _____ C:\Users\charly1983\softupdate[3].htm
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 ___HT C:\Users\charly1983\Preferences~RF13e12a.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 ___HT C:\Users\charly1983\CURRENT~RF73f9e.TMP
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\EtwRTMsMpPsSession7.etl
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\DMI4AB5.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\container.dat
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\B312.tmp
2013-07-28 22:12 - 2013-07-28 22:12 - 00000000 _____ C:\Users\charly1983\003815.log
2013-07-28 20:49 - 2013-07-28 20:41 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-28 20:47 - 2013-07-28 20:47 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\337 Wallpaper
2013-07-28 20:42 - 2013-07-28 20:41 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\337
2013-07-28 20:41 - 2013-07-28 20:41 - 00000000 ____D C:\Users\charly1983\AppData\Roaming\WinZipper
2013-07-26 07:13 - 2013-08-15 03:38 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 03:38 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 03:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 03:38 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 03:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 03:38 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 03:38 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 03:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 03:38 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 03:38 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 03:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 03:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 23:11 - 2011-02-11 01:03 - 01591234 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-25 11:25 - 2013-08-15 03:08 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 03:08 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-23 22:16 - 2012-10-13 22:33 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2013-07-21 22:00 - 2013-07-21 22:00 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
2013-07-19 03:58 - 2013-08-15 03:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-15 03:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-19 00:54 - 2011-09-01 20:55 - 00000000 ___RD C:\Users\charly1983\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Files to move or delete:
====================
C:\Users\charly1983\container.dat
C:\Users\charly1983\frameiconcache.dat
C:\Users\charly1983\RecoveryStore.{D6AFC02E-7386-11E2-97F9-78843CE3C286}.dat
C:\Users\charly1983\RecoveryStore.{E9BFAC29-7386-11E2-97F9-78843CE3C286}.dat
C:\Users\charly1983\RecoveryStore.{E9BFD339-7386-11E2-97F9-78843CE3C286}.dat
C:\Users\charly1983\tabiconcache.dat
C:\Users\charly1983\{E9BFAC2A-7386-11E2-97F9-78843CE3C286}.dat
C:\Users\charly1983\{E9BFD33A-7386-11E2-97F9-78843CE3C286}.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-04-22 12:14

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

und hier die Addition.txtFRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-08-2013 01
Ran by charly1983 at 2013-08-18 18:22:51
Running from C:\Users\charly1983\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.5) MUI (x32 Version: 10.1.5)
Alps Pointing-device for VAIO
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Atheros WiFi Driver Installation (x32 Version: 3.0)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
CDBurnerXP (x32 Version: 4.5.0.3685)
Conexant HD Audio (Version: 8.54.0.53)
D3DX10 (x32 Version: 15.4.2368.0902)
DVDvideoSoft 2.0 Toolbar (x32 Version: 6.11.2.6)
eaner (Version: 3.20)
FlashFXP v4.2 (x32 Version: 4.2.5.1810)
Free YouTube to MP3 Converter version 3.12.1.320 (x32 Version: 3.12.1.320)
Glary Utilities 2.52.0.1698 (x32 Version: 2.52.0.1698)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
HP Photo Creations (x32 Version: 1.0.0.7702)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Photosmart Plus B210 series Hilfe (x32 Version: 140.0.54.54)
HP Update (x32 Version: 5.003.003.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046)
iTunes (Version: 11.0.2.26)
Java Auto Updater (x32 Version: 2.0.2.4)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Media Gallery (Version: 1.5.0.16020)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 1.1.500.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Native Instruments Audio 8 DJ (Version: 3.0.0.625)
Native Instruments Traktor 2 (Version: 2.0.3.10893)
NVIDIA 3D Vision Treiber 269.73 (Version: 269.73)
NVIDIA Grafiktreiber 269.73 (Version: 269.73)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (x32 Version: 9.12.0507)
NVIDIA PhysX-Systemsoftware 9.12.0507 (Version: 9.12.0507)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6973)
NVIDIA Systemsteuerung 269.73 (Version: 269.73)
PhotoScape (x32)
PlayMemories Home Plug-in (Version: 2.0.00.14170)
PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data (x32 Version: 1.0.00.16130)
PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program (x32 Version: 2.2.00.18250)
PMB (x32 Version: 5.5.02.12220)
PMB VAIO Edition Plug-in (x32 Version: 1.5.00.02250)
PokerStars.eu (x32)
Qualcomm Atheros Direct Connect (x32 Version: 3.0)
Quick Web Access (x32 Version: 1.4.6.9)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.92)
Skype™ 5.10 (x32 Version: 5.10.116)
Sony Corporation (Version: 1.0.0)
SSLx64 (Version: 1.0.0)
SSLx86 (x32 Version: 1.0.0)
StarBurn Version 15.1 (Build 0x20130715) (x32 Version: 15.1)
Studie zur Verbesserung von HP Photosmart Plus B210 series Produkten (Version: 28.0.1315.0)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2)
U3Launcher (x32 Version: 1.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VAIO - Media Gallery (x32 Version: 1.5.0.16020)
VAIO - PlayMemories Home Plug-in (x32 Version: 2.2.00.18250)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.02250)
VAIO Care (Version: 8.1.0.10120)
VAIO Care (x32 Version: 6.4.0.15030)
VAIO Control Center (x32 Version: 4.5.0.03040)
VAIO Data Restore Tool (x32 Version: 1.6.0.13140)
VAIO Easy Connect (x32 Version: 1.1.2.01120)
VAIO Event Service (x32 Version: 5.5.0.03040)
VAIO Gate (x32 Version: 2.3.0.11090)
VAIO Gate Default (x32 Version: 2.4.0.03240)
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280)
VAIO Improvement Validation (Version: 1.0.4.01190)
VAIO Sample Contents (x32 Version: 1.4.2.09010)
VAIO Smart Network (x32 Version: 3.8.0.08120)
VAIO Update (x32 Version: 6.2.1.03260)
VAIO-Support für Übertragungen (x32 Version: 1.4.0.14230)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VCCx86 (x32 Version: 1.0.0)
VESx64 (Version: 1.0.0)
VESx86 (x32 Version: 1.0.0)
VLC media player 2.0.3 (x32 Version: 2.0.3)
VSNx64 (Version: 1.0.0)
VSNx86 (x32 Version: 1.0.0)
VU5x64 (Version: 1.1.0)
VU5x86 (x32 Version: 1.0.0)
VU5x86 (x32 Version: 1.1.0)
VWSTx86 (x32 Version: 1.0.0)
WebConnect 3.0.0 (Version: 3.0.0)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
WISO Steuer 2013 (HKCU Version: 20.00.8137)

==================== Restore Points  =========================

28-07-2013 20:52:18 Wiederherstellungsvorgang
30-07-2013 17:01:08 Windows Update
02-08-2013 19:38:43 Windows Update
04-08-2013 20:11:55 Windows-Sicherung
06-08-2013 20:32:39 Windows Update
10-08-2013 11:05:52 Windows Update
11-08-2013 12:47:50 Installed Explore&Burn v1.5.3
11-08-2013 13:02:57 Removed Explore&Burn v1.5.3
11-08-2013 15:11:44 SPTD setup V1.83
11-08-2013 17:00:01 Windows-Sicherung
12-08-2013 20:25:23 Windows Update
15-08-2013 01:32:57 Windows Update
18-08-2013 14:43:17 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08313B6E-D881-42D6-AA7A-B94D994CD741} - System32\Tasks\{850D3EC7-2BAB-4582-81F0-C89A33E7FB39} => C:\Users\charly1983\AppData\Local\Google\Chrome\Application\chrome.exe No File
Task: {0BD78BF8-14BB-496F-9848-C5964064A2D0} - System32\Tasks\{E0EDDD29-2773-477B-880B-AEC1A89D1BE1} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
Task: {0C99AEA4-C4FA-40DF-9D19-794BF3433425} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {0CA0ED80-A13A-4C2C-A19F-7A6848CB7BF0} - System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} => C:\Windows\system32\msfeedssync.exe [2013-03-18] (Microsoft Corporation)
Task: {0E6F114F-3D37-4637-9CBD-3294EB0CF3D0} - System32\Tasks\Dealply => C:\Users\CHARLY~1\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe No File
Task: {114BBB2C-7451-4BEE-ADDD-3A8C95AA813C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {131E13A3-E61D-4BFB-8118-C496FF126D7C} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {2656E201-E473-4F1C-AE21-F680B08E7016} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient No File
Task: {2932BAB3-F89F-4757-B522-32BD16879DDF} - System32\Tasks\Funmoods => C:\Users\CHARLY~1\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe No File
Task: {2A235801-A845-4927-8C88-5AB12D9344F8} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {2E1BDABB-0298-4990-B0CF-0BF1E976F6F2} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {33D9D73B-85B9-47A8-BB8A-6F9ADEF2CB50} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {4050E2DB-1D6F-4FDA-A1BE-CD900BE4DC2B} - System32\Tasks\{59B8242D-E09C-4167-B25A-9797B55F4B58} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
Task: {40BBCFCE-AB3D-4EA2-9929-55D48041BBD0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {4EFD1743-E972-4AA6-BE03-04C82BBEF8E0} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {54D0E0D8-8901-4FA0-8813-5F2C639F79CE} - System32\Tasks\Google Updater and Installer => C:\Users\charly1983\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {57BD232A-503D-41BB-93E7-A57EC741A5BF} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {5A1761EE-E280-4D2E-A6D3-200BFE8E3001} - System32\Tasks\{6CE333F2-A813-4F97-93DA-F2C4A6F23DF9} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
Task: {670B739A-5D24-4EFC-8579-D068A767320A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-03-26] (Sony Corporation)
Task: {6E60CAAC-ADE4-46ED-B88B-D8A263D7DFB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18] (Google Inc.)
Task: {73C3A1DF-2F9E-4141-954C-1E2417CF4B7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {8925530E-65C0-463D-990E-0A63F3AD1246} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {9137BDCD-1F39-4F53-8963-B2A087B18865} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: {96080918-D351-4288-9CFE-CCA55BE813EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18] (Google Inc.)
Task: {A48DC56A-C7FC-4326-B380-D6964957D15D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {AABC36F4-88DB-4D35-88CC-5A6F785738FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {AABD61A4-573E-4311-81AF-83CBAFCF6ACF} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AC4874EF-7005-4E9F-9D86-587B60DB59BF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {ACDE1D39-68F5-4BB3-BC82-2AEDCA5D79AD} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-01-05] (Glarysoft Ltd)
Task: {AE5E9972-B83D-4982-86CB-A35FEA972982} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-03-26] (Sony Corporation)
Task: {B63A2DAC-76D1-4C9C-932C-5C4DACB0460A} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {BF1049E2-94B8-463A-B58B-CF22F5A6C2BB} - System32\Tasks\{00C4AA04-03AF-40F7-944E-E514878A60DA} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
Task: {C4D10B9D-6E38-48DF-8A7D-82DDC0309DA9} - System32\Tasks\DSite => C:\Users\CHARLY~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe No File
Task: {C8EDD055-971D-4733-A732-DB2F94F77F69} - System32\Tasks\User_Feed_Synchronization-{46E56FE1-E8A7-447D-9D05-4CACB0A4FEED} => C:\Windows\system32\msfeedssync.exe [2013-03-18] (Microsoft Corporation)
Task: {C98FCEDB-2B3A-4524-98B3-0C5416EACDE9} - System32\Tasks\{D56EABE2-A489-4E84-905C-D5AF732CF4DD} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
Task: {D7611A13-B036-454E-A708-C8661865D8B6} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {DBF74576-746A-4860-B0AF-E50C3D91D9B5} - System32\Tasks\{FEDEA130-D12B-4880-ACCE-E0E0BA16671D} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
Task: {E9105E5D-F3B9-47D7-A0C2-741285455743} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-03-26] (Sony Corporation)
Task: {ECB7B1CC-2F7B-43B1-A88D-13081C0852EF} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {FA66D22D-BEFB-4046-8E33-E36688C9DA30} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {FBCA94AA-3B40-42AE-826D-EBDBE213227D} - System32\Tasks\{F68E4888-6FD2-4B0A-BA85-8955C163D4C8} => C:\Users\charly1983\AppData\Local\Google\Chrome\Application\chrome.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\CHARLY~1\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\CHARLY~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2013 06:00:24 PM) (Source: MsiInstaller) (User: charly1983-VAIO)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi

Error: (08/18/2013 04:56:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:31:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 03:30:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 08:58:35 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wbemsvc.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be08c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000100e4
ID des fehlerhaften Prozesses: 0x174
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (08/18/2013 03:51:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 04:12:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 03:36:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 03:25:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 03:00:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/18/2013 06:21:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (08/18/2013 06:21:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (08/18/2013 06:21:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (08/18/2013 06:21:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (08/18/2013 06:21:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (08/18/2013 06:21:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (08/18/2013 06:16:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (08/18/2013 06:16:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (08/18/2013 06:16:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062

Error: (08/18/2013 06:16:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 4077.86 MB
Available physical RAM: 2345.38 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 6047.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.15 GB) (Free:397.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 24DDFD60)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

P.s ich wusste nich genau was du mit dem Symbol meinst!

aharonov 18.08.2013 17:36
Hallo Sylvia,

dann gehen wir es an:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Schritt 3

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 4

Falls noch nicht vorhanden, lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Code:
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /600
C:\Windows\SysNative\*.dll /600
C:\Windows\SysWOW64\*.dll /600
  • Schliesse bitte nun alle anderen Programme.
  • Klicke nun auf den Quick Scan Button.
  • Kopiere danach den Inhalt von OTL.txt und Extras.txt hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von JRT
  • Log von Combofix
  • Logs von OTL

charly1601 18.08.2013 17:47
Okay.......ich werd mir Mühe geben........bin nämlich nicht der Super Freak was Pc angeht!

aharonov 18.08.2013 17:50
Einfach nur Schritt für Schritt den Anleitungen folgen, dann klappt das schon. ;)

charly1601 18.08.2013 18:48
AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 18/08/2013 um 18:53:04 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : charly1983 - CHARLY1983-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\charly1983\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\BabylonMngr.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\FBDownloader.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SearchResults.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SearchTheWeb.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SweetIM Search.xml
Datei Gelöscht : C:\Users\charly1983\Documents\Uninstall.exe
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive
Ordner Gelöscht : C:\Program Files (x86)\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\Smartdl
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\wxDfast
Ordner Gelöscht : C:\Users\CHARLY~1\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\CHARLY~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\APN
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\337
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\HMN
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\crossriderapp2258@crossrider.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\crossriderapp4479@crossrider.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\ffxtlbra@softonic.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\specialsavings@superfish.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\staged
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Omiga Plus
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\SDIV 2.0
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\yourfiledownloader

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\5d2d98ab169bf10
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3279453
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aiennapmieppnpfhhogglccgepbdajan
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{313D7894-DF04-42CD-8D1D-39FCDDC54C8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5B6FDA6-54BD-432B-8A40-2397F60C1EAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDvideoSoft_2.0 Toolbar
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=647C90004EC4451D&affID=119357&tt=180813_220&tsp=4978 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=acd1be3c-917d-46aa-8134-3352f9f10ece&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=acd1be3c-917d-46aa-8134-3352f9f10ece&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=acd1be3c-917d-46aa-8134-3352f9f10ece&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\prefs.js

C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\user.js ... Gelöscht !

Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={459F018E-5E78-4278-AFBA-[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.searchplusnetwork.com/?sp=vit4&q="[...]
Gelöscht : user_pref("extensions.fbdownloader.issearch", true);
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbd[...]

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\charly1983\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2782] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=647C90004EC4451D&affID=119357&tt=1[...]

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\charly1983\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc=

*************************

AdwCleaner[S1].txt - [352 octets] - [18/08/2013 18:52:26]
AdwCleaner[S2].txt - [30888 octets] - [18/08/2013 18:53:04]

########## EOF - C:\AdwCleaner[S2].txt - [30949 octets] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by charly1983 on 18.08.2013 at 19:16:04,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\intermediate
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\scheck
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ssync



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\httogroup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO3_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_fexplorer (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_fexplorer (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (3)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (3)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-winoptimizer-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-winoptimizer-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cib-pdf-brewer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cib-pdf-brewer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities-portable_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities-portable_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_google-play-store-apk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_google-play-store-apk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_libreoffice_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_libreoffice_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_parents-friend_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_parents-friend_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_sweepi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_sweepi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii-portable_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii-portable_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_yed_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_yed_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11[2]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11[2]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskToolbarNRO3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskToolbarNRO3_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_fexplorer (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_fexplorer (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (3)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (3)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-winoptimizer-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-winoptimizer-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cib-pdf-brewer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cib-pdf-brewer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities-portable_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities-portable_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_google-play-store-apk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_google-play-store-apk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_libreoffice_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_libreoffice_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_parents-friend_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_parents-friend_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_sweepi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_sweepi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii-portable_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii-portable_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_yed_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_yed_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11[2]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11[2]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5A8097A9-95B8-44A5-BB98-647C95D6777B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D5188DF2-F36A-46D9-8F50-BDE50D0AFD77}



~~~ Files

Successfully deleted: [File] "C:\chatzum_nt.exe"
Successfully deleted: [File] "C:\Windows\syswow64\authuitu.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\intermediate"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\scheck"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\ssync"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\charly1983\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\charly1983\appdata\locallow\datamngr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.08.2013 at 19:21:37,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


Combofix Logfile:
Code:
ComboFix 13-08-18.01 - charly1983 18.08.2013  19:29:34.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4078.2468 [GMT 2:00]
ausgeführt von:: c:\users\charly1983\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
C:\torrent.exe
c:\users\charly1983\00000000-405FD5F1.av$
c:\users\charly1983\1[1].htm
c:\users\charly1983\1[2].htm
c:\users\charly1983\28c8b86deab549a1.customDestinations-ms~RF1ac754.TMP
c:\users\charly1983\AppData\Roaming\convert\convert.exe
c:\users\charly1983\B312.tmp
c:\users\charly1983\B313.tmp
c:\users\charly1983\B314.tmp
c:\users\charly1983\B315.tmp
c:\users\charly1983\CURRENT~RF15e8a9.TMP
c:\users\charly1983\CURRENT~RF15ee64.TMP
c:\users\charly1983\CURRENT~RF1606c4.TMP
c:\users\charly1983\CURRENT~RF73f9e.TMP
c:\users\charly1983\d0ab9eb062e2c52d.customDestinations-ms~RF13e55f.TMP
c:\users\charly1983\DMI4AB5.tmp
c:\users\charly1983\E568.tmp
c:\users\charly1983\E569.tmp
c:\users\charly1983\E56A.tmp
c:\users\charly1983\E56B.tmp
c:\users\charly1983\E56C.tmp
c:\users\charly1983\E56D.tmp
c:\users\charly1983\E57E.tmp
c:\users\charly1983\GoogleUpdateSetup.exef4430
c:\users\charly1983\Local State~RF13fb4f.TMP
c:\users\charly1983\PLAB.tmp
c:\users\charly1983\Preferences~RF13e12a.TMP
c:\users\charly1983\Preferences~RF140c30.TMP
c:\users\charly1983\TransportSecurity~RF13fc77.TMP
c:\users\charly1983\WebCacheV01.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-18 bis 2013-08-18  ))))))))))))))))))))))))))))))
.
.
2013-08-18 17:16 . 2013-08-18 17:16        --------        d-----w-        c:\windows\ERUNT
2013-08-18 16:53 . 2013-08-18 16:54        156        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-08-18 16:11 . 2013-08-18 16:11        --------        d-----w-        C:\FRST
2013-08-18 16:00 . 2013-08-18 16:00        --------        d-----w-        c:\program files (x86)\WebConnect
2013-08-17 15:29 . 2013-08-17 15:29        --------        d-----w-        c:\users\charly1983\AppData\Roaming\Avira
2013-08-17 15:26 . 2013-08-17 15:39        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-17 15:25 . 2013-08-17 15:24        83672        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-08-17 15:23 . 2013-07-18 06:02        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-08-17 15:23 . 2013-07-18 06:02        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-08-17 15:23 . 2013-03-06 14:13        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-08-17 15:23 . 2013-08-17 15:23        --------        d-----w-        c:\programdata\Avira
2013-08-17 15:23 . 2013-08-17 15:23        --------        d-----w-        c:\program files (x86)\Avira
2013-08-17 13:14 . 2013-08-17 13:14        --------        d-----w-        c:\users\charly1983\AppData\Roaming\Malwarebytes
2013-08-17 13:14 . 2013-08-17 13:14        --------        d-----w-        c:\programdata\Malwarebytes
2013-08-16 18:33 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBC25100-AFA2-4AD2-98CB-D3A4F91A2C66}\mpengine.dll
2013-08-15 01:08 . 2013-07-19 01:58        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-08-15 01:07 . 2013-07-06 06:03        1910208        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-08-15 01:07 . 2013-06-15 04:32        39936        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2013-08-11 15:12 . 2013-08-11 15:12        --------        d-----w-        c:\users\charly1983\AppData\Roaming\StarBurn
2013-08-11 15:12 . 2013-08-11 15:12        564824        ----a-w-        c:\windows\system32\drivers\sptd.sys
2013-08-11 15:11 . 2013-08-11 15:11        --------        d-----w-        c:\users\charly1983\AppData\Roaming\MediaFilters
2013-08-11 15:11 . 2013-08-11 15:11        --------        d-----w-        c:\program files (x86)\StarBurn Software
2013-08-11 14:48 . 2013-08-11 14:49        --------        d-----w-        c:\users\charly1983\AppData\Roaming\DeepBurner
2013-08-11 13:21 . 2013-08-11 13:21        --------        d-----w-        c:\program files (x86)\Free Easy CD DVD Burner
2013-07-28 20:12 . 2013-07-28 20:12        4955        ----a-w-        c:\users\charly1983\stats.js
2013-07-28 20:12 . 2013-07-28 20:12        85260        ----a-w-        c:\users\charly1983\jquery-1.5.1.min.js
2013-07-28 18:47 . 2013-07-28 18:47        --------        d-----w-        c:\users\charly1983\AppData\Roaming\337 Wallpaper
2013-07-28 18:41 . 2013-07-28 18:49        --------        d-----w-        c:\program files (x86)\WinZipper
2013-07-28 18:41 . 2013-07-28 18:41        --------        d-----w-        c:\users\charly1983\AppData\Roaming\WinZipper
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 04:45 . 2013-08-15 01:08        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-06-13 14:27 . 2012-08-09 14:07        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 14:27 . 2012-06-10 20:58        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 03:34 . 2013-07-11 19:31        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 19:31        624128        ----a-w-        c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 19:31        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2316c625-b487-4410-a1a5-ff040b65245f}]
2013-08-17 17:07        149288        ----a-w-        c:\program files (x86)\WebConnect\WebConnectBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart Plus B210 series (NET)"="c:\program files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-18 345144]
.
c:\users\charly1983\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-6-30 1386136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update WK;Update WK;c:\program files (x86)\WebConnect\updateWebConnect.exe;c:\program files (x86)\WebConnect\updateWebConnect.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 19:01        1173456        ----a-w-        c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 14:27]
.
2013-08-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-11-01 23:26]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18 20:50]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18 20:50]
.
2013-07-21 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
- c:\program files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28 12:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-18  19:37:24
ComboFix-quarantined-files.txt  2013-08-18 17:37
.
Vor Suchlauf: 13 Verzeichnis(se), 426.853.548.032 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 426.794.266.624 Bytes frei
.
- - End Of File - - 3CB6CA55D6DD3AF35B0A2972A3731124
--- --- ---

welche codes meinst du?welche soll ich weglassen?

aharonov 18.08.2013 19:23
Zitat:
welche codes meinst du?welche soll ich weglassen?
Sorry, ich versteh nicht ganz, was du damit meinst..
Geht es um den Schritt 4? Dort musst du einfach die paar Zeilen, die in der Codebox in der Anleitung stehen, kopieren und in die Textbox von OTL einfügen.

charly1601 18.08.2013 19:43
ok hier sind die 4 Logs:AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 18/08/2013 um 18:53:04 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : charly1983 - CHARLY1983-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\charly1983\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\BabylonMngr.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\FBDownloader.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SearchResults.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SearchTheWeb.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\searchplugins\SweetIM Search.xml
Datei Gelöscht : C:\Users\charly1983\Documents\Uninstall.exe
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive
Ordner Gelöscht : C:\Program Files (x86)\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\Smartdl
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\wxDfast
Ordner Gelöscht : C:\Users\CHARLY~1\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\CHARLY~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\APN
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\charly1983\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Users\charly1983\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\337
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\HMN
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\crossriderapp2258@crossrider.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\crossriderapp4479@crossrider.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\ffxtlbra@softonic.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\specialsavings@superfish.com
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\staged
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\Omiga Plus
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\SDIV 2.0
Ordner Gelöscht : C:\Users\charly1983\AppData\Roaming\yourfiledownloader

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\5d2d98ab169bf10
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3279453
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aiennapmieppnpfhhogglccgepbdajan
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{313D7894-DF04-42CD-8D1D-39FCDDC54C8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5B6FDA6-54BD-432B-8A40-2397F60C1EAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDvideoSoft_2.0 Toolbar
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=647C90004EC4451D&affID=119357&tt=180813_220&tsp=4978 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=acd1be3c-917d-46aa-8134-3352f9f10ece&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=acd1be3c-917d-46aa-8134-3352f9f10ece&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=acd1be3c-917d-46aa-8134-3352f9f10ece&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\prefs.js

C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\user.js ... Gelöscht !

Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={459F018E-5E78-4278-AFBA-[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.searchplusnetwork.com/?sp=vit4&q="[...]
Gelöscht : user_pref("extensions.fbdownloader.issearch", true);
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbd[...]

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\charly1983\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2782] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=647C90004EC4451D&affID=119357&tt=1[...]

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\charly1983\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc=

*************************

AdwCleaner[S1].txt - [352 octets] - [18/08/2013 18:52:26]
AdwCleaner[S2].txt - [30888 octets] - [18/08/2013 18:53:04]

########## EOF - C:\AdwCleaner[S2].txt - [30949 octets] ##########
--- --- ---


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by charly1983 on 18.08.2013 at 19:16:04,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\intermediate
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\scheck
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ssync



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\httogroup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO3_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_fexplorer (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_fexplorer (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (3)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (3)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-winoptimizer-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-winoptimizer-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cib-pdf-brewer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cib-pdf-brewer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities-portable_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities-portable_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_google-play-store-apk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_google-play-store-apk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_libreoffice_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_libreoffice_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_parents-friend_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_parents-friend_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_sweepi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_sweepi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii-portable_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii-portable_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_yed_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_yed_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11[2]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11[2]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskToolbarNRO3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskToolbarNRO3_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluetooth-driver-installer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_fexplorer (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_fexplorer (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-play-apk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_apache-openoffice_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (3)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market (3)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_appbrain-app-market_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-winoptimizer-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-winoptimizer-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cib-pdf-brewer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cib-pdf-brewer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities-portable_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities-portable_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_glary-utilities_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_google-play-store-apk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_google-play-store-apk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_gpl-ghostscript_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_libreoffice_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_libreoffice_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_parents-friend_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_parents-friend_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_sweepi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_sweepi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii-portable_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii-portable_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_yed_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_yed_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11[2]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11[2]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5A8097A9-95B8-44A5-BB98-647C95D6777B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D5188DF2-F36A-46D9-8F50-BDE50D0AFD77}



~~~ Files

Successfully deleted: [File] "C:\chatzum_nt.exe"
Successfully deleted: [File] "C:\Windows\syswow64\authuitu.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\intermediate"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\scheck"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\ssync"
Successfully deleted: [Folder] "C:\Users\charly1983\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\charly1983\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\charly1983\appdata\locallow\datamngr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.08.2013 at 19:21:37,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

oh backe.......haste da noch nen Überblick....hab versucht alle 4 Logs in die Nachricht zu bekommen.....

Combofix Logfile:
Code:
ComboFix 13-08-18.01 - charly1983 18.08.2013  19:29:34.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4078.2468 [GMT 2:00]
ausgeführt von:: c:\users\charly1983\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
C:\torrent.exe
c:\users\charly1983\00000000-405FD5F1.av$
c:\users\charly1983\1[1].htm
c:\users\charly1983\1[2].htm
c:\users\charly1983\28c8b86deab549a1.customDestinations-ms~RF1ac754.TMP
c:\users\charly1983\AppData\Roaming\convert\convert.exe
c:\users\charly1983\B312.tmp
c:\users\charly1983\B313.tmp
c:\users\charly1983\B314.tmp
c:\users\charly1983\B315.tmp
c:\users\charly1983\CURRENT~RF15e8a9.TMP
c:\users\charly1983\CURRENT~RF15ee64.TMP
c:\users\charly1983\CURRENT~RF1606c4.TMP
c:\users\charly1983\CURRENT~RF73f9e.TMP
c:\users\charly1983\d0ab9eb062e2c52d.customDestinations-ms~RF13e55f.TMP
c:\users\charly1983\DMI4AB5.tmp
c:\users\charly1983\E568.tmp
c:\users\charly1983\E569.tmp
c:\users\charly1983\E56A.tmp
c:\users\charly1983\E56B.tmp
c:\users\charly1983\E56C.tmp
c:\users\charly1983\E56D.tmp
c:\users\charly1983\E57E.tmp
c:\users\charly1983\GoogleUpdateSetup.exef4430
c:\users\charly1983\Local State~RF13fb4f.TMP
c:\users\charly1983\PLAB.tmp
c:\users\charly1983\Preferences~RF13e12a.TMP
c:\users\charly1983\Preferences~RF140c30.TMP
c:\users\charly1983\TransportSecurity~RF13fc77.TMP
c:\users\charly1983\WebCacheV01.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-18 bis 2013-08-18  ))))))))))))))))))))))))))))))
.
.
2013-08-18 17:16 . 2013-08-18 17:16        --------        d-----w-        c:\windows\ERUNT
2013-08-18 16:53 . 2013-08-18 16:54        156        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-08-18 16:11 . 2013-08-18 16:11        --------        d-----w-        C:\FRST
2013-08-18 16:00 . 2013-08-18 16:00        --------        d-----w-        c:\program files (x86)\WebConnect
2013-08-17 15:29 . 2013-08-17 15:29        --------        d-----w-        c:\users\charly1983\AppData\Roaming\Avira
2013-08-17 15:26 . 2013-08-17 15:39        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-17 15:25 . 2013-08-17 15:24        83672        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-08-17 15:23 . 2013-07-18 06:02        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-08-17 15:23 . 2013-07-18 06:02        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-08-17 15:23 . 2013-03-06 14:13        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-08-17 15:23 . 2013-08-17 15:23        --------        d-----w-        c:\programdata\Avira
2013-08-17 15:23 . 2013-08-17 15:23        --------        d-----w-        c:\program files (x86)\Avira
2013-08-17 13:14 . 2013-08-17 13:14        --------        d-----w-        c:\users\charly1983\AppData\Roaming\Malwarebytes
2013-08-17 13:14 . 2013-08-17 13:14        --------        d-----w-        c:\programdata\Malwarebytes
2013-08-16 18:33 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBC25100-AFA2-4AD2-98CB-D3A4F91A2C66}\mpengine.dll
2013-08-15 01:08 . 2013-07-19 01:58        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-08-15 01:07 . 2013-07-06 06:03        1910208        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-08-15 01:07 . 2013-06-15 04:32        39936        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2013-08-11 15:12 . 2013-08-11 15:12        --------        d-----w-        c:\users\charly1983\AppData\Roaming\StarBurn
2013-08-11 15:12 . 2013-08-11 15:12        564824        ----a-w-        c:\windows\system32\drivers\sptd.sys
2013-08-11 15:11 . 2013-08-11 15:11        --------        d-----w-        c:\users\charly1983\AppData\Roaming\MediaFilters
2013-08-11 15:11 . 2013-08-11 15:11        --------        d-----w-        c:\program files (x86)\StarBurn Software
2013-08-11 14:48 . 2013-08-11 14:49        --------        d-----w-        c:\users\charly1983\AppData\Roaming\DeepBurner
2013-08-11 13:21 . 2013-08-11 13:21        --------        d-----w-        c:\program files (x86)\Free Easy CD DVD Burner
2013-07-28 20:12 . 2013-07-28 20:12        4955        ----a-w-        c:\users\charly1983\stats.js
2013-07-28 20:12 . 2013-07-28 20:12        85260        ----a-w-        c:\users\charly1983\jquery-1.5.1.min.js
2013-07-28 18:47 . 2013-07-28 18:47        --------        d-----w-        c:\users\charly1983\AppData\Roaming\337 Wallpaper
2013-07-28 18:41 . 2013-07-28 18:49        --------        d-----w-        c:\program files (x86)\WinZipper
2013-07-28 18:41 . 2013-07-28 18:41        --------        d-----w-        c:\users\charly1983\AppData\Roaming\WinZipper
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 04:45 . 2013-08-15 01:08        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-06-13 14:27 . 2012-08-09 14:07        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 14:27 . 2012-06-10 20:58        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 03:34 . 2013-07-11 19:31        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 19:31        624128        ----a-w-        c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 19:31        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2316c625-b487-4410-a1a5-ff040b65245f}]
2013-08-17 17:07        149288        ----a-w-        c:\program files (x86)\WebConnect\WebConnectBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart Plus B210 series (NET)"="c:\program files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-18 345144]
.
c:\users\charly1983\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-6-30 1386136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update WK;Update WK;c:\program files (x86)\WebConnect\updateWebConnect.exe;c:\program files (x86)\WebConnect\updateWebConnect.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 19:01        1173456        ----a-w-        c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 14:27]
.
2013-08-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-11-01 23:26]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18 20:50]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18 20:50]
.
2013-07-21 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
- c:\program files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28 12:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-18  19:37:24
ComboFix-quarantined-files.txt  2013-08-18 17:37
.
Vor Suchlauf: 13 Verzeichnis(se), 426.853.548.032 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 426.794.266.624 Bytes frei
.
- - End Of File - - 3CB6CA55D6DD3AF35B0A2972A3731124
--- --- ---

charly1601 18.08.2013 19:57
Hier ist der 4 te Log allerdings in zwei hälften geteilt weil es zu groß ist!!die zweiten schick ich jetzt sofort.Habs einfach in der mitte geteilt,hoffe das geht

OTL logfile created on: 18.08.2013 20:18:13 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\charly1983\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,86% Memory free
7,96 Gb Paging File | 6,49 Gb Available in Paging File | 81,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,15 Gb Total Space | 397,75 Gb Free Space | 87,97% Space Free | Partition Type: NTFS

Computer Name: CHARLY1983-VAIO | User Name: charly1983 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\charly1983\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Sony\VAIO Care\listener.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Sony\VAIO Care\listener.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe ()
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (Update WK) -- C:\Program Files (x86)\WebConnect\updateWebConnect.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (McComponentHostServiceSony) -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{2A2483DB-4871-46C0-9B52-014088994C2B}: "URL" = Shopping.com Deutschland - der große Produkt- und Preisvergleich
IE - HKCU\..\SearchScopes\{2C2E6392-ACB3-4BC7-B708-3BD1FC76CFD9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc
IE - HKCU\..\SearchScopes\{BBB75436-FAE2-41F8-81D6-E20B1B8CE826}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{E9783D89-8707-436A-A633-3DC7D78D5E35}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{FAEA302F-829A-4CEC-AF43-E2EA34F4EEEB}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.enabled: true
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5038a95a0190b@5038a95a01945.info: C:\Users\charly1983\AppData\Roaming\Mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\5038a95a0190b@5038a95a01945.info [2012.08.25 12:32:33 | 000,000,000 | ---D | M]

[2012.08.25 11:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charly1983\AppData\Roaming\mozilla\Extensions
[2013.08.18 18:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charly1983\AppData\Roaming\mozilla\Firefox\Profiles\tn4v7yf6.default\extensions
[2012.08.25 12:32:33 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\charly1983\AppData\Roaming\mozilla\Firefox\Profiles\tn4v7yf6.default\extensions\5038a95a0190b@5038a95a01945.info
[2013.06.26 19:40:28 | 000,228,503 | ---- | M] () (No name found) -- C:\Users\charly1983\AppData\Roaming\mozilla\firefox\profiles\tn4v7yf6.default\extensions\ftd@ftd.com.xpi
[2012.11.15 19:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\charly1983\AppData\Roaming\mozilla\firefox\profiles\tn4v7yf6.default\extensions\socksharedownloader@socksharedownloader.com.xpi
[2013.07.20 14:11:12 | 000,000,948 | ---- | M] () -- C:\Users\charly1983\AppData\Roaming\mozilla\firefox\profiles\tn4v7yf6.default\searchplugins\search_the_web.xml
[2012.09.21 16:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={goo gle:suggestAPIKeyParameter},
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\charly1983\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WebConnect = C:\Users\charly1983\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_1\
CHR - Extension: fIRST lOVE = C:\Users\charly1983\AppData\Local\Google\Chrome\User Data\Default\Extensions\lighpcanjnomdcjmfficdanifpdmgmhp\0.2_0\

O1 HOSTS File: ([2013.08.18 19:35:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebConnect) - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files (x86)\WebConnect\WebConnectbho.dll (Web Connect)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [HP Photosmart Plus B210 series (NET)] C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\charly1983\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk = C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\system32\d3dynfov8.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C947C79F-330D-42C2-A91A-0BA1FF45D490}: DhcpNameServer = 192.168.0.3
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.08.18 19:37:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.08.18 19:37:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.08.18 19:27:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.08.18 19:16:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.08.18 18:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebConnect
[2013.08.17 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\charly1983\AppData\Roaming\Avira
[2013.08.17 17:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.08.17 17:26:07 | 000,000,000 | ---D | C] -- C:\Users\charly1983\Desktop\mbar
[2013.08.17 17:25:02 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.08.17 17:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.08.17 17:23:26 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.08.17 17:23:26 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.08.17 17:23:26 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.08.17 17:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.08.17 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.08.17 15:14:33 | 000,000,000 | ---D | C] -- C:\Users\charly1983\AppData\Roaming\Malwarebytes
[2013.08.17 15:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.08.11 19:53:39 | 000,000,000 | ---D | C] -- C:\Users\charly1983\Desktop\musik
[2013.08.11 17:12:59 | 000,000,000 | ---D | C] -- C:\Users\charly1983\Documents\StarBurn
[2013.08.11 17:12:59 | 000,000,000 | ---D | C] -- C:\Users\charly1983\AppData\Roaming\StarBurn
[2013.08.11 17:12:05 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.08.11 17:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarBurn Software
[2013.08.11 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarBurn Software
[2013.08.11 17:11:27 | 000,000,000 | ---D | C] -- C:\Users\charly1983\AppData\Roaming\MediaFilters
[2013.08.11 16:48:40 | 000,000,000 | ---D | C] -- C:\Users\charly1983\AppData\Roaming\DeepBurner
[2013.08.11 16:47:43 | 003,739,136 | ---- | C] (Astonsoft) -- C:\Users\charly1983\Documents\DeepBurner.exe
[2013.08.11 16:47:43 | 000,092,216 | ---- | C] (Un4seen Developments) -- C:\Users\charly1983\Documents\bass.dll
[2013.08.11 16:47:43 | 000,000,000 | ---D | C] -- C:\Users\charly1983\Documents\Images
[2013.08.11 16:47:43 | 000,000,000 | ---D | C] -- C:\Users\charly1983\Documents\Autorun
[2013.08.11 15:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Easy CD DVD Burner
[2013.07.28 23:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.07.28 20:47:51 | 000,000,000 | ---D | C] -- C:\Users\charly1983\AppData\Roaming\337 Wallpaper
[2013.07.28 20:41:08 | 000,000,000 | ---D | C] -- C:\Users\charly1983\AppData\Roaming\WinZipper
[2013.07.28 20:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZipper
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.18 20:07:54 | 000,001,145 | ---- | M] () -- C:\Users\charly1983\Desktop\OTL - Verknüpfung.lnk
[2013.08.18 20:01:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.18 20:00:04 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.18 20:00:04 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.18 19:52:05 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.08.18 19:52:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.18 19:51:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.18 19:46:02 | 000,002,025 | ---- | M] () -- C:\Users\charly1983\Desktop\log editor - Verknüpfung.lnk
[2013.08.18 19:35:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.08.18 19:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.08.18 19:24:01 | 000,001,904 | ---- | M] () -- C:\Users\charly1983\Desktop\JRT - Verknüpfung.lnk
[2013.08.18 19:02:19 | 000,002,093 | ---- | M] () -- C:\Users\charly1983\Desktop\AdwCleaner[S2] - Verknüpfung.lnk
[2013.08.18 18:54:02 | 000,000,156 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.08.17 17:24:48 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.08.17 17:23:43 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.08.15 03:35:35 | 001,635,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.08.15 03:35:35 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.08.15 03:35:35 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.08.15 03:35:35 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.08.15 03:35:35 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.08.11 17:12:05 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.07.31 21:02:47 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.28 22:13:05 | 000,000,013 | ---- | M] () -- C:\Users\charly1983\www.google[1].xml
[2013.07.28 22:12:44 | 000,041,902 | ---- | M] () -- C:\Users\charly1983\square.xcf
[2013.07.28 22:12:44 | 000,000,656 | ---- | M] () -- C:\Users\charly1983\manifest.json
[2013.07.28 22:12:44 | 000,000,496 | ---- | M] () -- C:\Users\charly1983\newtab.html
[2013.07.28 22:12:43 | 000,079,313 | ---- | M] () -- C:\Users\charly1983\icon512t.png
[2013.07.28 22:12:43 | 000,001,277 | ---- | M] () -- C:\Users\charly1983\icon48.png
[2013.07.28 22:12:43 | 000,000,793 | ---- | M] () -- C:\Users\charly1983\icon32.png
[2013.07.28 22:12:43 | 000,000,382 | ---- | M] () -- C:\Users\charly1983\icon16.png
[2013.07.28 22:12:42 | 000,160,923 | ---- | M] () -- C:\Users\charly1983\background.jpg
[2013.07.28 22:12:42 | 000,021,836 | ---- | M] () -- C:\Users\charly1983\icon.xcf
[2013.07.28 22:12:42 | 000,007,337 | ---- | M] () -- C:\Users\charly1983\icon128.png
[2013.07.28 22:12:42 | 000,006,324 | ---- | M] () -- C:\Users\charly1983\main-v.1.3.5.css
[2013.07.28 22:12:42 | 000,005,248 | ---- | M] () -- C:\Users\charly1983\newtab.css
[2013.07.28 22:12:42 | 000,004,955 | ---- | M] () -- C:\Users\charly1983\stats.js
[2013.07.28 22:12:42 | 000,002,430 | ---- | M] () -- C:\Users\charly1983\logo48.png
[2013.07.28 22:12:42 | 000,001,213 | ---- | M] () -- C:\Users\charly1983\logo32.png
[2013.07.28 22:12:42 | 000,000,835 | ---- | M] () -- C:\Users\charly1983\favicon-bookmarks.png
[2013.07.28 22:12:42 | 000,000,797 | ---- | M] () -- C:\Users\charly1983\favicon-extensions.png
[2013.07.28 22:12:42 | 000,000,766 | ---- | M] () -- C:\Users\charly1983\favicon-history.png
[2013.07.28 22:12:42 | 000,000,707 | ---- | M] () -- C:\Users\charly1983\favicon-downloads.png
[2013.07.28 22:12:42 | 000,000,518 | ---- | M] () -- C:\Users\charly1983\gear.png
[2013.07.28 22:12:42 | 000,000,426 | ---- | M] () -- C:\Users\charly1983\favicon.png
[2013.07.28 22:12:42 | 000,000,187 | ---- | M] () -- C:\Users\charly1983\background.html
[2013.07.28 22:12:42 | 000,000,088 | ---- | M] () -- C:\Users\charly1983\redirect.html
[2013.07.28 22:12:41 | 000,012,076 | ---- | M] () -- C:\Users\charly1983\logo128.png
[2013.07.28 22:12:41 | 000,003,618 | ---- | M] () -- C:\Users\charly1983\logo24.png
[2013.07.28 22:12:41 | 000,000,699 | ---- | M] () -- C:\Users\charly1983\CZbackground.html
[2013.07.28 22:12:41 | 000,000,540 | ---- | M] () -- C:\Users\charly1983\logo16.png
[2013.07.28 22:12:37 | 000,000,084 | ---- | M] () -- C:\Users\charly1983\secure.img-cdn.mediaplex[1].xml
[2013.07.28 22:12:35 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\https_chrome.google.com_0.localstorage
[2013.07.28 22:12:35 | 000,000,512 | ---- | M] () -- C:\Users\charly1983\https_chrome.google.com_0.localstorage-journal
[2013.07.28 22:12:34 | 000,005,426 | ---- | M] () -- C:\Users\charly1983\c4a9ea5b-1e40-4724-ade1-074be3f7f01f.png
[2013.07.28 22:12:34 | 000,005,426 | ---- | M] () -- C:\Users\charly1983\a6fab8fb-51a2-4421-ae10-78ad7870b38e.png
[2013.07.28 22:12:34 | 000,000,001 | ---- | M] () -- C:\Users\charly1983\softupdate[4].htm
[2013.07.28 22:12:34 | 000,000,001 | ---- | M] () -- C:\Users\charly1983\softupdate[3].htm
[2013.07.28 22:12:34 | 000,000,000 | ---- | M] () -- C:\Users\charly1983\monetization[2].gif
[2013.07.28 22:12:34 | 000,000,000 | ---- | M] () -- C:\Users\charly1983\apps[2].gif
[2013.07.28 22:12:33 | 000,065,536 | ---- | M] () -- C:\Users\charly1983\tmp.edb
[2013.07.28 22:12:33 | 000,039,793 | ---- | M] () -- C:\Users\charly1983\03a111f3-3cfc-4160-93ea-2984878c0322[1].swf
[2013.07.28 22:12:33 | 000,000,000 | ---- | M] () -- C:\Users\charly1983\container.dat
[2013.07.28 22:12:32 | 000,021,937 | ---- | M] () -- C:\Users\charly1983\teaser_quer1[1].jpg
[2013.07.28 22:12:32 | 000,019,238 | ---- | M] () -- C:\Users\charly1983\2013.06.20_Double%20Play_CallandSurfComfort_Motiv%20Mouse_300x250_2_online[1].swf
[2013.07.28 22:12:32 | 000,019,221 | ---- | M] () -- C:\Users\charly1983\bg[1].jpg
[2013.07.28 22:12:32 | 000,008,950 | ---- | M] () -- C:\Users\charly1983\teaser_quer4[1].jpg
[2013.07.28 22:12:32 | 000,006,967 | ---- | M] () -- C:\Users\charly1983\teaser_quer3[1].jpg
[2013.07.28 22:12:32 | 000,006,857 | ---- | M] () -- C:\Users\charly1983\teaser_quer2[1].jpg
[2013.07.28 22:12:32 | 000,002,766 | ---- | M] () -- C:\Users\charly1983\universal[1].htm
[2013.07.28 22:12:32 | 000,000,685 | ---- | M] () -- C:\Users\charly1983\bg_iframe_quer[1].jpg
[2013.07.28 22:12:32 | 000,000,668 | ---- | M] () -- C:\Users\charly1983\vcm_platzhalter_728x90[1].htm
[2013.07.28 22:12:32 | 000,000,043 | ---- | M] () -- C:\Users\charly1983\gif[1].htm
[2013.07.28 22:12:31 | 000,056,765 | ---- | M] () -- C:\Users\charly1983\400x535_DE_AFF_zal_outlet_vr_130521[1].jpg
[2013.07.28 22:12:31 | 000,010,654 | ---- | M] () -- C:\Users\charly1983\frameiconcache.dat
[2013.07.28 22:12:31 | 000,009,828 | ---- | M] () -- C:\Users\charly1983\tabiconcache.dat
[2013.07.28 22:12:31 | 000,004,844 | ---- | M] () -- C:\Users\charly1983\logo[1].jpg
[2013.07.28 22:12:31 | 000,002,875 | ---- | M] () -- C:\Users\charly1983\logo64.png
[2013.07.28 22:12:31 | 000,002,848 | ---- | M] () -- C:\Users\charly1983\Weka_800x600_standardt_MCT[1].htm
[2013.07.28 22:12:31 | 000,001,093 | ---- | M] () -- C:\Users\charly1983\notifier_avira_com[1].htm
[2013.07.28 22:12:31 | 000,000,669 | ---- | M] () -- C:\Users\charly1983\vcm_platzhalter_300x250[1].htm
[2013.07.28 22:12:31 | 000,000,331 | ---- | M] () -- C:\Users\charly1983\AF_zalando_outlet_400x535[1].htm
[2013.07.28 22:12:31 | 000,000,152 | ---- | M] () -- C:\Users\charly1983\box[1].gif
[2013.07.28 22:12:31 | 000,000,100 | ---- | M] () -- C:\Users\charly1983\label[1].gif
[2013.07.28 22:12:31 | 000,000,043 | ---- | M] () -- C:\Users\charly1983\blank[1].gif
[2013.07.28 22:12:31 | 000,000,035 | ---- | M] () -- C:\Users\charly1983\__utm[1].gif
[2013.07.28 22:12:30 | 000,019,738 | ---- | M] () -- C:\Users\charly1983\tabs[1].jpg
[2013.07.28 22:12:30 | 000,012,585 | ---- | M] () -- C:\Users\charly1983\thema_2_050713[1].jpg
[2013.07.28 22:12:30 | 000,011,786 | ---- | M] () -- C:\Users\charly1983\dealplyIcon128.png
[2013.07.28 22:12:30 | 000,006,764 | ---- | M] () -- C:\Users\charly1983\avira-notifier-6944975[1].htm
[2013.07.28 22:12:30 | 000,003,885 | ---- | M] () -- C:\Users\charly1983\dealplyIcon48.png
[2013.07.28 22:12:30 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\https_www.amazon.de_0.localstorage-journal
[2013.07.28 22:12:30 | 000,003,584 | ---- | M] () -- C:\Users\charly1983\RecoveryStore.{E9BFAC29-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:30 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\https_www.amazon.de_0.localstorage
[2013.07.28 22:12:30 | 000,002,066 | ---- | M] () -- C:\Users\charly1983\ie8[1].htm
[2013.07.28 22:12:30 | 000,000,998 | ---- | M] () -- C:\Users\charly1983\dealplyIcon16.png
[2013.07.28 22:12:30 | 000,000,231 | ---- | M] () -- C:\Users\charly1983\springer_50-50[1].htm
[2013.07.28 22:12:30 | 000,000,035 | ---- | M] () -- C:\Users\charly1983\__utm[2].gif
[2013.07.28 22:12:29 | 000,085,260 | ---- | M] () -- C:\Users\charly1983\jquery-1.5.1.min.js
[2013.07.28 22:12:29 | 000,006,329 | ---- | M] () -- C:\Users\charly1983\globe_64.png
[2013.07.28 22:12:29 | 000,005,120 | ---- | M] () -- C:\Users\charly1983\{E9BFD33A-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,005,120 | ---- | M] () -- C:\Users\charly1983\{E9BFAC2A-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,004,608 | ---- | M] () -- C:\Users\charly1983\RecoveryStore.{D6AFC02E-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\http_imagesrv.adition.com_0.localstorage-journal
[2013.07.28 22:12:29 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\http_gft2.de_0.localstorage-journal
[2013.07.28 22:12:29 | 000,003,584 | ---- | M] () -- C:\Users\charly1983\RecoveryStore.{E9BFD339-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\http_imagesrv.adition.com_0.localstorage
[2013.07.28 22:12:29 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\http_gft2.de_0.localstorage
[2013.07.28 22:12:29 | 000,000,230 | ---- | M] () -- C:\Users\charly1983\settings.json
[2013.07.28 22:12:28 | 000,026,399 | ---- | M] () -- C:\Users\charly1983\cbtop_250713[1].jpg
[2013.07.28 22:12:28 | 000,014,070 | ---- | M] () -- C:\Users\charly1983\globe_128.png
[2013.07.28 22:12:28 | 000,010,179 | ---- | M] () -- C:\Users\charly1983\thema_1_120313[1].jpg
[2013.07.28 22:12:28 | 000,004,330 | ---- | M] () -- C:\Users\charly1983\globe_48.png
[2013.07.28 22:12:28 | 000,002,502 | ---- | M] () -- C:\Users\charly1983\globe_32.png
[2013.07.28 22:12:28 | 000,001,725 | ---- | M] () -- C:\Users\charly1983\globe_24.png
[2013.07.28 22:12:28 | 000,001,025 | ---- | M] () -- C:\Users\charly1983\globe_16.png
[2013.07.28 22:12:28 | 000,000,188 | ---- | M] () -- C:\Users\charly1983\Default[1].aspx
[2013.07.28 22:12:27 | 003,667,825 | ---- | M] () -- C:\Users\charly1983\Trace9.fx
[2013.07.28 22:12:26 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\http_synonyme.woxikon.de_0.localstorage-journal
[2013.07.28 22:12:26 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\http_ad.adnet.de_0.localstorage-journal
[2013.07.28 22:12:26 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\http_ad.adnet.de_0.localstorage
[2013.07.28 22:12:25 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\http_www.wie-sagt-man-noch.de_0.localstorage-journal
[2013.07.28 22:12:25 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\http_www.wie-sagt-man-noch.de_0.localstorage
[2013.07.28 22:12:25 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\http_synonyme.woxikon.de_0.localstorage
[2013.07.28 22:12:25 | 000,000,465 | ---- | M] () -- C:\Users\charly1983\settings.sol
[2013.07.28 22:12:25 | 000,000,103 | ---- | M] () -- C:\Users\charly1983\SnackTV.sol
[2013.07.28 22:12:24 | 000,044,544 | ---- | M] () -- C:\Users\charly1983\o2dsl_xx_vdsl_ca_300x250[1].swf
[2013.07.28 22:12:24 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\https_x.myspacecdn.com_0.localstorage-journal
[2013.07.28 22:12:24 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\https_www.facebook.com_0.localstorage-journal
[2013.07.28 22:12:24 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\https_myspace.com_0.localstorage-journal
[2013.07.28 22:12:24 | 000,003,608 | ---- | M] () -- C:\Users\charly1983\http_de.wikipedia.org_0.localstorage-journal
[2013.07.28 22:12:24 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\https_x.myspacecdn.com_0.localstorage
[2013.07.28 22:12:24 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\https_www.facebook.com_0.localstorage
[2013.07.28 22:12:24 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\https_myspace.com_0.localstorage
[2013.07.28 22:12:24 | 000,003,072 | ---- | M] () -- C:\Users\charly1983\http_de.wikipedia.org_0.localstorage
[2013.07.28 22:12:24 | 000,001,349 | ---- | M] () -- C:\Users\charly1983\clip_image001.emz
[2013.07.28 22:12:24 | 000,000,052 | ---- | M] () -- C:\Users\charly1983\postview[1].gif
[2013.07.28 22:12:24 | 000,000,000 | ---- | M] () -- C:\Users\charly1983\EtwRTMsMpPsSession7.etl
[2013.07.28 22:12:23 | 000,046,786 | ---- | M] () -- C:\Users\charly1983\20130624_Double%20Play_CallandSurfComfort_VDSL_Motiv%20Pferderennen_728x90_02_online[1].swf
[2013.07.28 22:12:23 | 000,001,722 | ---- | M] () -- C:\Users\charly1983\index_quer2[1].htm
[2013.07.28 22:12:23 | 000,000,043 | ---- | M] () -- C:\Users\charly1983\tre[2].gif
[2013.07.28 22:12:22 | 000,032,768 | ---- | M] () -- C:\Users\charly1983\places.sqlite-shm
[2013.07.28 22:12:22 | 000,002,848 | ---- | M] () -- C:\Users\charly1983\Weka_800x600_standardt_MCT[2].htm
[2013.07.25 23:11:26 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.21 22:00:45 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.18 20:07:54 | 000,001,145 | ---- | C] () -- C:\Users\charly1983\Desktop\OTL - Verknüpfung.lnk
[2013.08.18 19:46:02 | 000,002,025 | ---- | C] () -- C:\Users\charly1983\Desktop\log editor - Verknüpfung.lnk
[2013.08.18 19:24:01 | 000,001,904 | ---- | C] () -- C:\Users\charly1983\Desktop\JRT - Verknüpfung.lnk
[2013.08.18 19:02:19 | 000,002,093 | ---- | C] () -- C:\Users\charly1983\Desktop\AdwCleaner[S2] - Verknüpfung.lnk
[2013.08.18 18:53:10 | 000,000,156 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.08.17 17:23:43 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.08.11 16:47:43 | 000,643,984 | ---- | C] () -- C:\Users\charly1983\Documents\BurnerHelp.chm
[2013.08.11 16:47:43 | 000,085,610 | ---- | C] () -- C:\Users\charly1983\Documents\DefaultSound.wav
[2013.08.11 16:47:43 | 000,072,756 | ---- | C] () -- C:\Users\charly1983\Documents\DeepBurner.lng
[2013.08.11 16:47:43 | 000,001,794 | ---- | C] () -- C:\Users\charly1983\Documents\DefLang.ini
[2013.07.28 23:03:55 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.28 22:13:02 | 000,000,013 | ---- | C] () -- C:\Users\charly1983\www.google[1].xml
[2013.07.28 22:12:44 | 000,041,902 | ---- | C] () -- C:\Users\charly1983\square.xcf
[2013.07.28 22:12:44 | 000,000,496 | ---- | C] () -- C:\Users\charly1983\newtab.html
[2013.07.28 22:12:43 | 000,079,313 | ---- | C] () -- C:\Users\charly1983\icon512t.png
[2013.07.28 22:12:43 | 000,001,277 | ---- | C] () -- C:\Users\charly1983\icon48.png
[2013.07.28 22:12:43 | 000,000,793 | ---- | C] () -- C:\Users\charly1983\icon32.png
[2013.07.28 22:12:42 | 000,160,923 | ---- | C] () -- C:\Users\charly1983\background.jpg
[2013.07.28 22:12:42 | 000,021,836 | ---- | C] () -- C:\Users\charly1983\icon.xcf
[2013.07.28 22:12:42 | 000,007,337 | ---- | C] () -- C:\Users\charly1983\icon128.png
[2013.07.28 22:12:42 | 000,006,324 | ---- | C] () -- C:\Users\charly1983\main-v.1.3.5.css
[2013.07.28 22:12:42 | 000,005,248 | ---- | C] () -- C:\Users\charly1983\newtab.css
[2013.07.28 22:12:42 | 000,004,955 | ---- | C] () -- C:\Users\charly1983\stats.js
[2013.07.28 22:12:42 | 000,002,430 | ---- | C] () -- C:\Users\charly1983\logo48.png
[2013.07.28 22:12:42 | 000,000,835 | ---- | C] () -- C:\Users\charly1983\favicon-bookmarks.png
[2013.07.28 22:12:42 | 000,000,797 | ---- | C] () -- C:\Users\charly1983\favicon-extensions.png
[2013.07.28 22:12:42 | 000,000,766 | ---- | C] () -- C:\Users\charly1983\favicon-history.png
[2013.07.28 22:12:42 | 000,000,707 | ---- | C] () -- C:\Users\charly1983\favicon-downloads.png
[2013.07.28 22:12:42 | 000,000,518 | ---- | C] () -- C:\Users\charly1983\gear.png
[2013.07.28 22:12:42 | 000,000,426 | ---- | C] () -- C:\Users\charly1983\favicon.png
[2013.07.28 22:12:42 | 000,000,382 | ---- | C] () -- C:\Users\charly1983\icon16.png
[2013.07.28 22:12:42 | 000,000,088 | ---- | C] () -- C:\Users\charly1983\redirect.html
[2013.07.28 22:12:41 | 000,012,076 | ---- | C] () -- C:\Users\charly1983\logo128.png
[2013.07.28 22:12:41 | 000,003,618 | ---- | C] () -- C:\Users\charly1983\logo24.png
[2013.07.28 22:12:41 | 000,001,213 | ---- | C] () -- C:\Users\charly1983\logo32.png
[2013.07.28 22:12:41 | 000,000,699 | ---- | C] () -- C:\Users\charly1983\CZbackground.html
[2013.07.28 22:12:41 | 000,000,540 | ---- | C] () -- C:\Users\charly1983\logo16.png
[2013.07.28 22:12:37 | 000,000,084 | ---- | C] () -- C:\Users\charly1983\secure.img-cdn.mediaplex[1].xml
[2013.07.28 22:12:35 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\https_chrome.google.com_0.localstorage
[2013.07.28 22:12:35 | 000,000,512 | ---- | C] () -- C:\Users\charly1983\https_chrome.google.com_0.localstorage-journal
[2013.07.28 22:12:34 | 000,005,426 | ---- | C] () -- C:\Users\charly1983\c4a9ea5b-1e40-4724-ade1-074be3f7f01f.png
[2013.07.28 22:12:34 | 000,005,426 | ---- | C] () -- C:\Users\charly1983\a6fab8fb-51a2-4421-ae10-78ad7870b38e.png
[2013.07.28 22:12:34 | 000,000,001 | ---- | C] () -- C:\Users\charly1983\softupdate[4].htm
[2013.07.28 22:12:34 | 000,000,001 | ---- | C] () -- C:\Users\charly1983\softupdate[3].htm
[2013.07.28 22:12:34 | 000,000,000 | ---- | C] () -- C:\Users\charly1983\monetization[2].gif
[2013.07.28 22:12:34 | 000,000,000 | ---- | C] () -- C:\Users\charly1983\apps[2].gif
[2013.07.28 22:12:33 | 000,039,793 | ---- | C] () -- C:\Users\charly1983\03a111f3-3cfc-4160-93ea-2984878c0322[1].swf
[2013.07.28 22:12:32 | 000,021,937 | ---- | C] () -- C:\Users\charly1983\teaser_quer1[1].jpg
[2013.07.28 22:12:32 | 000,019,238 | ---- | C] () -- C:\Users\charly1983\2013.06.20_Double%20Play_CallandSurfComfort_Motiv%20Mouse_300x250_2_online[1].swf
[2013.07.28 22:12:32 | 000,008,950 | ---- | C] () -- C:\Users\charly1983\teaser_quer4[1].jpg
[2013.07.28 22:12:32 | 000,006,967 | ---- | C] () -- C:\Users\charly1983\teaser_quer3[1].jpg
[2013.07.28 22:12:32 | 000,006,857 | ---- | C] () -- C:\Users\charly1983\teaser_quer2[1].jpg
[2013.07.28 22:12:32 | 000,002,766 | ---- | C] () -- C:\Users\charly1983\universal[1].htm
[2013.07.28 22:12:32 | 000,000,685 | ---- | C] () -- C:\Users\charly1983\bg_iframe_quer[1].jpg
[2013.07.28 22:12:32 | 000,000,668 | ---- | C] () -- C:\Users\charly1983\vcm_platzhalter_728x90[1].htm
[2013.07.28 22:12:32 | 000,000,043 | ---- | C] () -- C:\Users\charly1983\gif[1].htm
[2013.07.28 22:12:31 | 000,056,765 | ---- | C] () -- C:\Users\charly1983\400x535_DE_AFF_zal_outlet_vr_130521[1].jpg
[2013.07.28 22:12:31 | 000,019,221 | ---- | C] () -- C:\Users\charly1983\bg[1].jpg
[2013.07.28 22:12:31 | 000,010,654 | ---- | C] () -- C:\Users\charly1983\frameiconcache.dat
[2013.07.28 22:12:31 | 000,009,828 | ---- | C] () -- C:\Users\charly1983\tabiconcache.dat
[2013.07.28 22:12:31 | 000,004,844 | ---- | C] () -- C:\Users\charly1983\logo[1].jpg
[2013.07.28 22:12:31 | 000,002,875 | ---- | C] () -- C:\Users\charly1983\logo64.png
[2013.07.28 22:12:31 | 000,002,848 | ---- | C] () -- C:\Users\charly1983\Weka_800x600_standardt_MCT[1].htm
[2013.07.28 22:12:31 | 000,001,093 | ---- | C] () -- C:\Users\charly1983\notifier_avira_com[1].htm
[2013.07.28 22:12:31 | 000,000,331 | ---- | C] () -- C:\Users\charly1983\AF_zalando_outlet_400x535[1].htm
[2013.07.28 22:12:31 | 000,000,152 | ---- | C] () -- C:\Users\charly1983\box[1].gif
[2013.07.28 22:12:31 | 000,000,100 | ---- | C] () -- C:\Users\charly1983\label[1].gif
[2013.07.28 22:12:31 | 000,000,043 | ---- | C] () -- C:\Users\charly1983\blank[1].gif
[2013.07.28 22:12:31 | 000,000,035 | ---- | C] () -- C:\Users\charly1983\__utm[1].gif
[2013.07.28 22:12:30 | 000,019,738 | ---- | C] () -- C:\Users\charly1983\tabs[1].jpg
[2013.07.28 22:12:30 | 000,012,585 | ---- | C] () -- C:\Users\charly1983\thema_2_050713[1].jpg
[2013.07.28 22:12:30 | 000,011,786 | ---- | C] () -- C:\Users\charly1983\dealplyIcon128.png
[2013.07.28 22:12:30 | 000,006,764 | ---- | C] () -- C:\Users\charly1983\avira-notifier-6944975[1].htm
[2013.07.28 22:12:30 | 000,003,885 | ---- | C] () -- C:\Users\charly1983\dealplyIcon48.png
[2013.07.28 22:12:30 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\https_www.amazon.de_0.localstorage-journal
[2013.07.28 22:12:30 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\https_www.amazon.de_0.localstorage
[2013.07.28 22:12:30 | 000,000,998 | ---- | C] () -- C:\Users\charly1983\dealplyIcon16.png
[2013.07.28 22:12:30 | 000,000,231 | ---- | C] () -- C:\Users\charly1983\springer_50-50[1].htm
[2013.07.28 22:12:30 | 000,000,035 | ---- | C] () -- C:\Users\charly1983\__utm[2].gif
[2013.07.28 22:12:29 | 000,005,120 | ---- | C] () -- C:\Users\charly1983\{E9BFD33A-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,005,120 | ---- | C] () -- C:\Users\charly1983\{E9BFAC2A-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,004,608 | ---- | C] () -- C:\Users\charly1983\RecoveryStore.{D6AFC02E-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\http_imagesrv.adition.com_0.localstorage-journal
[2013.07.28 22:12:29 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\http_gft2.de_0.localstorage-journal
[2013.07.28 22:12:29 | 000,003,584 | ---- | C] () -- C:\Users\charly1983\RecoveryStore.{E9BFD339-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,003,584 | ---- | C] () -- C:\Users\charly1983\RecoveryStore.{E9BFAC29-7386-11E2-97F9-78843CE3C286}.dat
[2013.07.28 22:12:29 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\http_imagesrv.adition.com_0.localstorage
[2013.07.28 22:12:29 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\http_gft2.de_0.localstorage
[2013.07.28 22:12:28 | 000,026,399 | ---- | C] () -- C:\Users\charly1983\cbtop_250713[1].jpg
[2013.07.28 22:12:28 | 000,010,179 | ---- | C] () -- C:\Users\charly1983\thema_1_120313[1].jpg
[2013.07.28 22:12:28 | 000,000,188 | ---- | C] () -- C:\Users\charly1983\Default[1].aspx
[2013.07.28 22:12:26 | 003,667,825 | ---- | C] () -- C:\Users\charly1983\Trace9.fx
[2013.07.28 22:12:26 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\http_ad.adnet.de_0.localstorage-journal
[2013.07.28 22:12:26 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\http_ad.adnet.de_0.localstorage
[2013.07.28 22:12:26 | 000,002,066 | ---- | C] () -- C:\Users\charly1983\ie8[1].htm
[2013.07.28 22:12:26 | 000,000,656 | ---- | C] () -- C:\Users\charly1983\manifest.json
[2013.07.28 22:12:26 | 000,000,230 | ---- | C] () -- C:\Users\charly1983\settings.json
[2013.07.28 22:12:25 | 000,085,260 | ---- | C] () -- C:\Users\charly1983\jquery-1.5.1.min.js
[2013.07.28 22:12:25 | 000,014,070 | ---- | C] () -- C:\Users\charly1983\globe_128.png
[2013.07.28 22:12:25 | 000,006,329 | ---- | C] () -- C:\Users\charly1983\globe_64.png
[2013.07.28 22:12:25 | 000,004,330 | ---- | C] () -- C:\Users\charly1983\globe_48.png
[2013.07.28 22:12:25 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\http_www.wie-sagt-man-noch.de_0.localstorage-journal
[2013.07.28 22:12:25 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\http_synonyme.woxikon.de_0.localstorage-journal
[2013.07.28 22:12:25 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\http_synonyme.woxikon.de_0.localstorage
[2013.07.28 22:12:25 | 000,002,502 | ---- | C] () -- C:\Users\charly1983\globe_32.png
[2013.07.28 22:12:25 | 000,001,725 | ---- | C] () -- C:\Users\charly1983\globe_24.png
[2013.07.28 22:12:25 | 000,001,025 | ---- | C] () -- C:\Users\charly1983\globe_16.png
[2013.07.28 22:12:25 | 000,000,465 | ---- | C] () -- C:\Users\charly1983\settings.sol
[2013.07.28 22:12:25 | 000,000,187 | ---- | C] () -- C:\Users\charly1983\background.html
[2013.07.28 22:12:25 | 000,000,103 | ---- | C] () -- C:\Users\charly1983\SnackTV.sol
[2013.07.28 22:12:24 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\https_x.myspacecdn.com_0.localstorage-journal
[2013.07.28 22:12:24 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\https_www.facebook.com_0.localstorage-journal
[2013.07.28 22:12:24 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\https_myspace.com_0.localstorage-journal
[2013.07.28 22:12:24 | 000,003,608 | ---- | C] () -- C:\Users\charly1983\http_de.wikipedia.org_0.localstorage-journal
[2013.07.28 22:12:24 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\https_x.myspacecdn.com_0.localstorage
[2013.07.28 22:12:24 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\https_www.facebook.com_0.localstorage
[2013.07.28 22:12:24 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\https_myspace.com_0.localstorage
[2013.07.28 22:12:24 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\http_www.wie-sagt-man-noch.de_0.localstorage
[2013.07.28 22:12:24 | 000,003,072 | ---- | C] () -- C:\Users\charly1983\http_de.wikipedia.org_0.localstorage
[2013.07.28 22:12:24 | 000,001,349 | ---- | C] () -- C:\Users\charly1983\clip_image001.emz
[2013.07.28 22:12:24 | 000,000,052 | ---- | C] () -- C:\Users\charly1983\postview[1].gif
[2013.07.28 22:12:24 | 000,000,000 | ---- | C] () -- C:\Users\charly1983\EtwRTMsMpPsSession7.etl
[2013.07.28 22:12:24 | 000,000,000 | ---- | C] () -- C:\Users\charly1983\container.dat
[2013.07.28 22:12:23 | 000,046,786 | ---- | C] () -- C:\Users\charly1983\20130624_Double%20Play_CallandSurfComfort_VDSL_Motiv%20Pferderennen_728x90_02_online[1].swf
[2013.07.28 22:12:23 | 000,044,544 | ---- | C] () -- C:\Users\charly1983\o2dsl_xx_vdsl_ca_300x250[1].swf
[2013.07.28 22:12:23 | 000,001,722 | ---- | C] () -- C:\Users\charly1983\index_quer2[1].htm
[2013.07.28 22:12:23 | 000,000,669 | ---- | C] () -- C:\Users\charly1983\vcm_platzhalter_300x250[1].htm
[2013.07.28 22:12:23 | 000,000,043 | ---- | C] () -- C:\Users\charly1983\tre[2].gif
[2013.07.28 22:12:22 | 000,065,536 | ---- | C] () -- C:\Users\charly1983\tmp.edb
[2013.07.28 22:12:22 | 000,032,768 | ---- | C] () -- C:\Users\charly1983\places.sqlite-shm
[2013.07.28 22:12:22 | 000,002,848 | ---- | C] () -- C:\Users\charly1983\Weka_800x600_standardt_MCT[2].htm
[2013.07.21 22:00:45 | 000,000,240 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
[2013.06.30 00:58:45 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
[2013.03.25 02:51:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.02.02 22:07:41 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.12.06 02:38:23 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.08.28 01:04:37 | 000,000,127 | ---- | C] () -- C:\Users\charly1983\wxDownloadFast.ini
[2012.06.07 13:46:54 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll
[2012.06.07 13:46:54 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll
[2011.09.18 11:41:02 | 000,003,584 | ---- | C] () -- C:\Users\charly1983\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.14 23:35:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.07.28 20:47:51 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\337 Wallpaper
[2012.10.13 00:05:57 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\AusLogics
[2013.06.30 00:56:13 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\Buhl Data Service
[2012.07.14 19:40:22 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\Canneverbe Limited
[2013.07.18 22:48:33 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\Common
[2013.08.18 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\convert
[2013.08.11 16:49:08 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\DeepBurner
[2012.11.01 21:26:17 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\DriverFinder
[2013.03.25 02:19:40 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\DRPSu
[2013.06.06 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\DVDVideoSoft
[2012.06.02 14:36:32 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\FreePDF
[2012.11.01 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\GlarySoft
[2011.10.02 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\gtk-2.0
[2013.02.02 22:16:44 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\iolo
[2011.09.26 00:07:38 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\IrfanView
[2012.12.06 04:31:33 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\LibreOffice
[2013.08.11 17:11:28 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\MediaFilters
[2012.07.15 00:01:37 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\MediaMonkey
[2011.09.07 01:14:15 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\MusicNet
[2012.06.04 00:59:23 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\OpenOffice.org
[2012.06.14 00:55:39 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\Opera
[2012.08.25 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\PhotoScape
[2013.07.18 22:48:33 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\PiccShare
[2013.05.08 22:53:24 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\player
[2013.07.18 22:41:05 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\SmartTools
[2012.10.22 02:18:13 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\smc
[2013.08.11 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\StarBurn
[2012.11.03 22:22:32 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\TuneUp Software
[2013.03.03 03:10:11 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\WindSolutions
[2013.07.28 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\WinZipper
[2013.03.04 00:51:16 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\xrecode2
[2012.12.06 03:38:08 | 000,000,000 | ---D | M] -- C:\Users\charly1983\AppData\Roaming\yWorks

========== Purity Check ==========

charly1601 18.08.2013 20:04
so der zweite teil:
========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4

< HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{E1CF60BB-6FE9-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{E1CF60BB-6FE9-4DE2 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.21 05:24:00 | 000,069,120 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2

< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.21 05:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]

< HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.21 05:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc]

< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >

< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp
[2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp
[2010.11.21 05:24:28 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp

< C:\Windows\system32\*.dll /600 >
[2012.08.23 13:15:57 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apisetschema.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll
[2013.07.09 06:46:31 | 001,166,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll
[2013.07.09 06:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2013.03.18 23:46:17 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2013.03.18 23:46:17 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2013.03.18 23:46:19 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\elshyph.dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2012.08.21 14:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\GEARAspi.dll
[2013.03.18 23:46:17 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2013.03.18 23:46:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2013.03.18 23:46:17 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2013.03.18 23:46:17 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2013.07.26 05:11:59 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.03.18 23:46:18 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2013.07.26 05:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2013.07.26 05:12:00 | 002,048,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.07.26 05:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2013.07.26 05:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2013.07.26 05:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2013.03.18 23:46:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2013.03.18 23:46:19 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2013.07.26 05:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.07.26 05:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.07.26 05:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2013.03.18 23:46:17 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2013.02.02 22:07:41 | 000,074,703 | ---- | M] () -- C:\Windows\system32\mfc45.dll
[2013.07.26 05:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.03.18 23:46:18 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2013.07.26 05:12:23 | 014,329,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.03.18 23:46:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2013.03.18 23:46:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2013.03.18 23:46:19 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmlmedia.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.03.18 23:46:19 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll
[2013.03.18 23:46:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2012.08.23 15:47:20 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MsRdpWebAccess.dll
[2012.08.23 10:19:01 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.08 12:29:12 | 001,402,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml4.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll
[2013.07.09 06:53:47 | 001,292,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll
[2013.07.09 04:49:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll
[2012.06.11 10:27:32 | 001,973,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll
[2012.06.11 10:28:40 | 013,013,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll
[2012.06.11 10:29:32 | 004,938,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll
[2012.06.11 10:29:50 | 002,581,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll
[2012.06.11 10:30:38 | 002,956,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll
[2012.06.11 10:30:56 | 010,065,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll
[2012.06.11 10:32:24 | 015,053,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll
[2012.06.11 10:33:10 | 006,033,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll
[2013.03.18 23:46:18 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2012.06.11 10:33:26 | 000,059,712 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll
[2013.03.18 23:46:18 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2012.05.04 11:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2013.06.04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.08.23 13:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpendp_winip.dll
[2013.07.09 06:52:33 | 000,663,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll
[2012.03.12 06:08:18 | 009,888,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\RtsPStorIcon.dll
[2012.08.24 18:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.08.24 18:57:40 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll
[2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012.08.24 18:53:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2012.08.23 15:18:14 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2013.07.19 03:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll
[2013.03.18 23:46:17 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.07.26 05:13:14 | 001,141,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2013.03.18 23:46:18 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2013.03.18 23:46:18 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.04.17 09:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll
[2013.07.26 05:13:24 | 001,767,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.07.09 06:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.08.23 15:46:20 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wksprtPS.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2013.07.09 06:52:33 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.07 01:09:12 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.11.01 23:33:00 | 000,000,336 | ---- | C] () -- C:\Windows\Tasks\GlaryInitialize.job
[2013.07.18 22:51:03 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.07.18 22:51:04 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.07.21 22:00:45 | 000,000,240 | ---- | C] () -- C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job

< C:\Windows\SysNative\*.dll /600 >
[2012.08.23 12:54:24 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 07:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 22:35:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 22:32:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 22:35:31 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 22:31:41 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 22:35:31 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 22:31:40 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 22:31:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 07:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appinfo.dll
[2012.12.16 16:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 19:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.02.27 07:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.01.28 14:19:28 | 000,026,400 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll
[2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.05.13 07:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2012.05.28 07:09:04 | 002,168,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\coin91.dll
[2013.07.09 07:46:20 | 001,472,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.05.10 07:49:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.07.09 07:46:20 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.01.13 21:10:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.01.13 21:20:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.01.13 21:38:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.01.13 21:24:33 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.01.13 21:51:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.01.13 21:20:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.01.13 21:38:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.04.01 00:52:16 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2012.10.09 20:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.10.09 20:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.02 07:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.04.03 00:51:57 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.01.13 21:49:17 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.18 23:46:17 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.18 23:46:17 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.05.12 04:39:14 | 000,743,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
[2013.03.18 23:46:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.01.13 21:58:28 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2012.12.07 15:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012.08.21 14:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.10.17 05:31:56 | 000,741,480 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM8e11.dll
[2012.09.12 14:44:28 | 000,270,224 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkcoi8e11.dll
[2012.09.12 14:44:28 | 000,332,176 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinksts8e11LM.dll
[2012.09.12 14:44:34 | 002,723,728 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPScanTRDrv_PSB210.dll
[2012.09.12 14:44:34 | 000,622,480 | ---- | M] (Hewlett-Packard) -- C:\Windows\SysNative\HPWia2_PSB210.dll
[2013.03.18 23:46:17 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.18 23:46:17 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.18 23:46:17 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.18 23:46:17 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2013.07.26 07:12:03 | 015,405,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2013.03.18 23:46:17 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.07.26 07:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.26 07:12:03 | 002,647,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2013.07.26 07:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.26 07:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.26 07:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.03.18 23:46:17 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.18 23:46:17 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.10.03 19:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iphlpsvc.dll
[2013.07.26 07:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.26 07:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.26 07:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2012.08.11 02:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll
[2012.11.30 07:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.11.30 07:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.03.18 23:46:17 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.24 20:03:09 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.07.26 07:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.18 23:46:17 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2013.07.26 07:12:31 | 019,239,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2013.03.18 23:46:17 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.18 23:46:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.18 23:46:17 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.03.18 23:46:17 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.01.04 08:11:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.18 23:46:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.08.23 15:20:40 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.08.23 10:13:07 | 005,773,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.01 07:43:42 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2012.11.01 07:43:42 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2012.11.20 07:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.03 19:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.10.03 19:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.10.03 19:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.10.03 19:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlaapi.dll
[2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlasvc.dll
[2013.07.09 07:54:22 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.11.30 07:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.06.11 10:27:48 | 002,211,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.06.11 10:28:22 | 018,581,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.12 04:39:02 | 006,265,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.06.11 10:29:14 | 006,599,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.06.11 10:30:06 | 002,873,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.06.11 10:30:22 | 003,183,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.06.11 10:31:10 | 012,846,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.06.11 10:31:18 | 001,654,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420144.dll
[2012.06.11 10:31:34 | 001,400,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642063.dll
[2012.06.11 10:35:42 | 001,452,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2013.02.18 10:22:18 | 001,472,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2013.02.18 10:22:18 | 000,031,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.05.12 04:39:16 | 000,119,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.06.11 10:32:40 | 020,471,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.12 04:38:58 | 002,985,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.12 04:39:16 | 002,583,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.06.11 10:33:18 | 008,108,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.18 23:46:17 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.08.17 18:25:56 | 000,069,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll
[2012.06.11 10:33:34 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.03.18 23:46:17 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2012.05.04 13:00:43 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.06.04 08:00:13 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.08.23 11:51:57 | 003,174,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.08.23 12:51:14 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.08.23 15:24:57 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.08.23 16:13:11 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013.07.09 07:51:16 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2012.08.24 20:05:03 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2013.02.27 07:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.26 00:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.08.23 14:52:53 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.08.23 15:06:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.08.23 15:40:56 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.07.19 03:58:42 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
[2013.01.13 21:24:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.18 23:46:17 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.07.26 07:13:28 | 001,365,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2012.12.13 14:50:38 | 006,112,864 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012.11.22 07:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.03.18 23:46:17 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.07.26 04:36:08 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.03.18 23:46:17 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webcheck.dll
[2013.04.26 07:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.04.17 08:24:46 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.01.13 21:25:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.07.26 07:13:37 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2013.01.04 07:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.07.09 07:52:52 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.08.23 15:17:54 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll
[2013.01.13 20:32:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.07.25 11:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.09 07:53:12 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.11.30 07:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.11.30 07:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.07 15:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.26 05:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.07.26 05:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.07.26 05:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFSvc.dll
[2012.07.26 05:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.03.19 07:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.03.19 07:53:58 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll
[2013.01.13 20:09:52 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.01.13 19:05:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

< C:\Windows\SysWOW64\*.dll /600 >
[2012.08.23 13:15:57 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\aaclient.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apisetschema.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWOW64\atmlib.dll
[2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll
[2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\certenc.dll
[2013.07.09 06:46:31 | 001,166,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
[2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptdlg.dll
[2013.07.09 06:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10level9.dll
[2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
[2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dpnet.dll
[2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
[2013.03.18 23:46:17 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtmsft.dll
[2013.03.18 23:46:17 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtrans.dll
[2013.03.18 23:46:19 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\elshyph.dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll
[2012.08.21 14:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWOW64\GEARAspi.dll
[2013.03.18 23:46:17 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icardie.dll
[2013.03.18 23:46:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IEAdvpack.dll
[2013.03.18 23:46:17 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieapfltr.dll
[2013.03.18 23:46:17 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iedkcs32.dll
[2013.07.26 05:11:59 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
[2013.03.18 23:46:18 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iepeers.dll
[2013.07.26 05:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iernonce.dll
[2013.07.26 05:12:00 | 002,048,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
[2013.07.26 05:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesetup.dll
[2013.07.26 05:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesysprep.dll
[2013.07.26 05:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
[2013.03.18 23:46:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imgutil.dll
[2013.03.18 23:46:19 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inseng.dll
[2013.07.26 05:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
[2013.07.26 05:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll
[2013.07.26 05:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kerberos.dll
[2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
[2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
[2013.03.18 23:46:17 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\licmgr10.dll
[2013.02.02 22:07:41 | 000,074,703 | ---- | M] () -- C:\Windows\SysWOW64\mfc45.dll
[2013.07.26 05:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll
[2013.03.18 23:46:18 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeedsbs.dll
[2013.07.26 05:12:23 | 014,329,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
[2013.03.18 23:46:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll
[2013.03.18 23:46:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmler.dll
[2013.03.18 23:46:19 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmlmedia.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
[2013.03.18 23:46:19 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll
[2013.03.18 23:46:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msrating.dll
[2012.08.23 15:47:20 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MsRdpWebAccess.dll
[2012.08.23 10:19:01 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mstscax.dll
[2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
[2012.11.08 12:29:12 | 001,402,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml4.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netevent.dll
[2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
[2013.07.09 06:53:47 | 001,292,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
[2013.07.09 04:49:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntvdm64.dll
[2012.06.11 10:27:32 | 001,973,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll
[2012.06.11 10:28:40 | 013,013,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcompiler.dll
[2012.06.11 10:29:32 | 004,938,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuda.dll
[2012.06.11 10:29:50 | 002,581,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvenc.dll
[2012.06.11 10:30:38 | 002,956,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvid.dll
[2012.06.11 10:30:56 | 010,065,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll
[2012.06.11 10:32:24 | 015,053,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoglv32.dll
[2012.06.11 10:33:10 | 006,033,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvwgf2um.dll
[2013.03.18 23:46:18 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\occache.dll
[2012.06.11 10:33:26 | 000,059,712 | ---- | M] (Khronos Group) -- C:\Windows\SysWOW64\OpenCL.dll
[2013.03.18 23:46:18 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pngfilt.dll
[2012.05.04 11:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll
[2013.06.04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qedit.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll
[2012.08.23 13:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpendp_winip.dll
[2013.07.09 06:52:33 | 000,663,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
[2012.03.12 06:08:18 | 009,888,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWOW64\RtsPStorIcon.dll
[2012.08.24 18:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
[2012.08.24 18:57:40 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
[2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
[2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
[2012.08.24 18:53:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\synceng.dll
[2012.08.23 15:18:14 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tsgqec.dll
[2013.07.19 03:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAnimation.dll
[2013.03.18 23:46:17 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll
[2013.07.26 05:13:14 | 001,141,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
[2013.03.18 23:46:18 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
[2013.03.18 23:46:18 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webcheck.dll
[2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll
[2013.04.17 09:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecsExt.dll
[2013.07.26 05:13:24 | 001,767,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
[2013.07.09 06:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2012.08.23 15:46:20 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wksprtPS.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll
[2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMPhoto.dll
[2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMVDECOD.DLL
[2013.07.09 06:52:33 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsPrint.dll

< End of report >

ich wusste leider nicht was du mit Extras.txt meinst..
wurde im 4 schritt beschrieben.

aharonov 18.08.2013 23:58
Ok, weiter geht's:


Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"EnablePlainTextPassword"=dword:00000000
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000000
"OtherDomains"=hex(7):00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-

:commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 2

Bitte downloade dir LSPFix und speichere es auf den Desktop.
  • Starte die LSPFix.exe.
    Windows Vista und 7 User mit Rechtsklick -> als Administrator ausführen.
  • Setze den Haken bei I know what I'm doing.
  • In der Keep Box solltest du die Datei d3dynfov8.dll aufgeführt finden.
  • Markiere diese d3dynfov8.dll und verschiebe sie in die Remove Box, indem du den Button >> drückst.
  • Klicke danach auf Finish >>.



Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von FRST

charly1601 20.08.2013 14:27
Hallo,
eine Frage wenn ich OTL.exe starte soll ich die Einstellungen so ändern wie es im Fenster im Beispiel steht?und dann auf scan drücken?und welchen Benutzername und wo soll ich es hinschreiben?

aharonov 20.08.2013 14:32
Nein, dass OTL.exe ein Link ist, kannst du ignorieren. Du musst nur die oben geschrieben Anleitung befolgen. Das mit dem Benutzernamen betrifft dich hier auch nicht - auch das ignorieren.

Text aus der Codebox kopieren, bei OTL in die Textbox einfügen und dann Fix drücken.

charly1601 20.08.2013 14:41
All processes killed
========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\SysWOW64\UpdSvc.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00 ,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"EnablePlainTextPassword"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"EnableSecuritySignature"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"RequireSecuritySignature"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"OtherDomains"|hex(7):00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service not found.
Registry value HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\\Update-Service not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: charly1983
->Temp folder emptied: 34297 bytes
->Temporary Internet Files folder emptied: 8535391 bytes
->FireFox cache emptied: 36962304 bytes
->Google Chrome cache emptied: 126830336 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1073998 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 314387 bytes
RecycleBin emptied: 23043832 bytes

Total Files Cleaned = 188,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08202013_153656

Files\Folders moved on Reboot...
C:\Users\charly1983\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\charly1983\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Okay das kam jetzt raus!


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:19 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131