Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   MyStart Incredibar gefangen (https://www.trojaner-board.de/124616-mystart-incredibar-gefangen.html)

timecop069 24.09.2012 15:10
MyStart Incredibar gefangen
 
Hallo,

hab' mir den MyStart Incredibar gefangen, der sich jetzt in meinen Browsern breit macht.

Bereits getan:
  • Incredibar "deinstalliert" (Systemsteuerungen)
  • Als Add-On im Firefox entfernt
  • Defogger auf Disable
  • OTL Quick Scan

Logs sind im Anhang

Gruß

timecop069

M-K-D-B 24.09.2012 17:45
:hallo:

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Bitte füge alle Logfiles in sog. Codeboxen ein. Das Symbol dafür findest du über dem Textfeld, es sieht in etwa so aus: #.
  • Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Für Benutzer von Windows Vista und Windows 7 gilt: Alle Programme mit Rechtsklick "Als Administrator ausführen" starten.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Schritt 1
Ich sehe das Du sogenannte Registry Cleaner am System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.





Schritt 2
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner.

timecop069 24.09.2012 19:23
Hallo,

danke für die Antwort!

Hier die Log:

Code:
# AdwCleaner v2.003 - Datei am 09/24/2012 um 20:21:33 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\Bereinigung\AdwCleaner\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\*****\AppData\Local\APN
Ordner Gefunden : C:\Users\*****\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\*****\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Schlüssel Gefunden : HKU\S-1-5-21-2944338609-1795458362-2074219990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb178?a=6PQKxUfOSu&i=26

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xsgrabjx.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQKxUfOSu&loc=FF_NT");

Profilname : default-1341528970770
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\55jifxda.default-1341528970770\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQKxUfOSu&loc=FF_NT");

Profilname : default-1341528991644 [Profil par défaut]
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQKxUfOSu&loc=FF_NT");
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.cntry", "DE");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10643");
Gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hdrMd5", "EFF082ADEAFBB07F00D89DDF05CCB2D5");
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "72729f24000000000000bc5ff436944d");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15606");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1422:33:35");
Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("extensions.incredibar.newTab", false);
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "1");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.sg", "none");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQKxUfOSu&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.upn2", "6PQKxUfOSu");
Gefunden : user_pref("extensions.incredibar.upn2n", "92543632496399458");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1422:33:35");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10643");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "72729f24000000000000bc5ff436944d");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15606");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "1");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQKxUfOSu&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6PQKxUfOSu");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92543632496399458");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1422:33:35");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.19] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb178?a=6PQKxUfOSu&i=26" ]
Gefunden [l.54] : icon_url = "hxxp://mystart.incredibar.com/mb178/favicon.ico",
Gefunden [l.57] : keyword = "mystart.incredibar.com/mb178",
Gefunden [l.60] : search_url = "hxxp://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKxUfOSu&i=26",
Gefunden [l.2362] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb178?a=6PQKxUfOSu&i=26" ]

*************************

AdwCleaner[R1].txt - [7281 octets] - [24/09/2012 20:21:33]

########## EOF - C:\AdwCleaner[R1].txt - [7341 octets] ##########

M-K-D-B 24.09.2012 19:38
Servus,



Schritt 1
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.





Schritt 2
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.






Macht MyStart Incredibar immer noch Probleme?
Wenn ja, in welchem Browser taucht es noch auf? Wann genau und wo erscheint es?





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die beiden Logdateien von OTL,
  • die Beantwortung meiner Fragen.

timecop069 24.09.2012 19:59
Hallo,

Logs sind im Anhang.

Zu den Fragen:

Intellibar macht auf den ersten Blick die gleichen Probleme, beim Öffnen des neuen Tabs im Firefox öffnet sich deren Werbeseite (auch nach dem Zurücksetzen der newtab Einstellungen in about:config, haben anscheinend beim Neustart des Browsers einen Reset)

Beim Öffnen von Chrome stand da, dass die Einstellungsdatei defekt war und nicht mehr geladen werden kann; meine vorher installierten Add-Ons werden nicht mehr angezeigt, außer NewTab von Incredibar (Hab' ich entfernt)

Beim IE stelle ich auf die Schnelle nichts fest.

Gruß

timecop069

M-K-D-B 24.09.2012 20:24
Servus,



Schritt 1
Code:
:OTL
FF - user.js - File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: suggest_url = ,
CHR - Extension: New tab for Chrome\u2122 = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

:files
C:\PROGRAM FILES\WEB ASSISTANT

:commands
[Emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
    Vista-User mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *Incredibar*
    *MyStart*

    :folderfind
    *Incredibar*
    *MyStart*

    :regfind
    Incredibar
    MyStart
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des OTL-Fix,
  • die Logdatei von SystemLook

timecop069 24.09.2012 20:36
Hi,

hier der OTL Fix:

Code:
All processes killed
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0 not found.
========== FILES ==========
File\Folder C:\PROGRAM FILES\WEB ASSISTANT not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: *****
->Temp folder emptied: 3402953551 bytes
->Temporary Internet Files folder emptied: 703321935 bytes
->Java cache emptied: 1980014 bytes
->FireFox cache emptied: 609678564 bytes
->Google Chrome cache emptied: 333649223 bytes
->Flash cache emptied: 92069 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 32768 bytes
%systemroot%\System32 (64bit) .tmp files removed: 20033472 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72771571 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 402608768 bytes
 
Total Files Cleaned = 5.290,00 mb
 
 
OTL by OldTimer - Version 3.2.66.2 log created on 09242012_212833

Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3592.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Systemlook:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:33 on 24/09/2012 by *****
Administrator - Elevation successful

========== filefind ==========

Searching for "*Incredibar* "
No files found.

Searching for "*MyStart* "
No files found.

========== folderfind ==========

Searching for "*Incredibar* "
No folders found.

Searching for "*MyStart* "
No folders found.

========== regfind ==========

Searching for "Incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a70f9a27_0]
@="{0.0.0.00000000}.{d344305c-9617-4535-946e-75c419bad7e8}|\Device\HarddiskVolume2\Users\*****\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="incredibar_installer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_installer_RASMANCS]
[HKEY_USERS\S-1-5-21-2944338609-1795458362-2074219990-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a70f9a27_0]
@="{0.0.0.00000000}.{d344305c-9617-4535-946e-75c419bad7e8}|\Device\HarddiskVolume2\Users\*****\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "MyStart"
No data found.

-= EOF =-

Soll ich jetzt nochmal versuchen, die NewTab Website zurückzusetzen?

Gruß

timecop069

M-K-D-B 24.09.2012 20:49
Servus,



Schritt 1
Code:
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_installer_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_installer_RASMANCS]

:Commands
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S2].txt.





Jetzt versuche bitte die NewTab Seite zurückzusetzen. Hast du Erfolg?
Wie siehts jetzt mit Incredibar in Firefox und Chrome aus?
Im schlimmsten Fall musst du neue Benutzerprofile anlegen...





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL.
  • die Logdatei von AdwCleaner,
  • die Beantwortung meiner Fragen.

timecop069 24.09.2012 21:41
Hi,

OTL:

Code:
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\\Name deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_installer_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_installer_RASMANCS\ deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.66.2 log created on 09242012_223237

Und AdwCleaner:

Code:
# AdwCleaner v2.003 - Datei am 09/24/2012 um 22:37:14 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\Bereinigung\AdwCleaner\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xsgrabjx.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default-1341528970770
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\55jifxda.default-1341528970770\prefs.js

[OK] Die Datei ist sauber.

Profilname : default-1341528991644 [Profil par défaut]
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQKxUfOSu&loc=FF_NT");

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [7402 octets] - [24/09/2012 20:21:33]
AdwCleaner[S1].txt - [8070 octets] - [24/09/2012 20:39:44]
AdwCleaner[S2].txt - [1480 octets] - [24/09/2012 22:37:14]

########## EOF - C:\AdwCleaner[S2].txt - [1540 octets] ##########
Das Zurücksetzen von browser.newtab.url funktioniert zwar, jedoch ist der Wert nach einem Neustart des Browsers wieder bei incredibar.

Gruß

timecop069

M-K-D-B 25.09.2012 15:09
Servus,



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions /64
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread


Gibts immer noch Probleme in Google Chrome und Firefox?

timecop069 25.09.2012 15:59
Hallo,

hier die

OTL.txt

Code:
OTL logfile created on: 25.09.2012 16:49:41 - Run 3
OTL by OldTimer - Version 3.2.66.2    Folder = C:\Users\*****\Desktop\Bereinigung\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,77 Gb Available Physical Memory | 73,08% Memory free
15,79 Gb Paging File | 13,37 Gb Available in Paging File | 84,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 34,34 Gb Free Space | 28,82% Space Free | Partition Type: NTFS
Drive D: | 596,07 Gb Total Space | 485,23 Gb Free Space | 81,40% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 215,46 Gb Free Space | 11,57% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 126,14 Gb Free Space | 13,54% Space Free | Partition Type: NTFS
Drive G: | 2794,51 Gb Total Space | 2190,64 Gb Free Space | 78,39% Space Free | Partition Type: NTFS
Drive M: | 394,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.24 15:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\Bereinigung\OTL\OTL.exe
PRC - [2012.09.18 21:21:13 | 003,729,400 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.09.10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.09.05 10:36:36 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe
PRC - [2012.08.29 14:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.08.27 21:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.08.27 06:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.08.24 13:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.23 03:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012.08.23 03:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\*****\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.08.09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.07.27 22:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.07.24 15:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.07.06 19:24:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.27 03:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.02.22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.05 10:36:56 | 022,425,008 | ---- | M] () -- C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4631.0\libcef.dll
MOD - [2012.09.05 10:36:30 | 000,287,152 | ---- | M] () -- C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4631.0\CefSharp.WinForms.dll
MOD - [2012.09.05 10:36:26 | 000,452,528 | ---- | M] () -- C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4631.0\CefSharp.dll
MOD - [2012.08.23 03:35:38 | 013,873,200 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
MOD - [2012.08.23 03:31:22 | 001,590,656 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2012.07.27 22:51:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
MOD - [2012.07.24 14:48:28 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
MOD - [2012.07.23 13:07:56 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bede5c16842b8e1047ec8b160642525b\System.Data.ni.dll
MOD - [2012.07.23 13:07:53 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.07.23 13:07:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.23 13:07:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.23 13:07:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.23 13:07:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.23 13:07:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.23 13:07:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.18 21:21:13 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.09.17 18:01:08 | 004,537,664 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012.09.13 12:57:52 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2012.09.07 22:19:04 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 00:42:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.24 13:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.23 03:50:44 | 001,127,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 17:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.06 19:24:53 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 19:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 19:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.22 13:34:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.25 15:02:57 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2012.09.18 21:21:14 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.09.18 21:21:11 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.09.18 21:21:10 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2012.09.18 21:21:10 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012.09.18 21:21:09 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2012.09.18 21:21:08 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.09.18 21:21:08 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.18 22:46:20 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
DRV:64bit: - [2012.08.15 15:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 15:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 15:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 15:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.15 15:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.08.01 17:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.07.06 12:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 12:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.20 21:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.19 16:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.27 03:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.27 03:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.27 03:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.02.01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.12.06 04:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.09.21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.05.09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.02.22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011.02.22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011.02.22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 1B DF D9 8D 93 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4D948AC0-76FB-4EC3-B134-F35E9DFC6299}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: google@hitachi.com:0.3
FF - prefs.js..extensions.enabledAddons: ipfuck@p4ul.info:1.0.1
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: {6bdc61ae-7b80-44a3-9476-e1d121ec2238}:0.85
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: https-everywhere@eff.org:2.2.2
FF - prefs.js..extensions.enabledAddons: {4F0963A3-1658-4fde-9585-23A25CC288BF}:1.9.0.0
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: {210249CE-F888-11DD-B868-4CB456D89593}:3.2.2
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.17 19:29:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012.09.13 22:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012.09.13 22:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 00:42:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 00:42:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.08 00:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.09.23 22:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\extensions
[2012.09.02 00:59:32 | 000,000,000 | ---D | M] (OpenDownload²) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2012.09.20 23:07:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.15 23:04:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.01 00:37:51 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.09.20 23:07:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\extensions\firefox@ghostery.com
[2012.09.08 00:35:00 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\extensions\https-everywhere@eff.org
[2012.09.15 01:17:06 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\extensions\ich@maltegoetz.de
[2012.09.23 22:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\55jifxda.default-1341528970770\extensions
[2012.09.24 15:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\xsgrabjx.default\extensions
[2012.07.07 02:21:37 | 000,368,105 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\1hu4p3j6.default-1341528991644\extensions\google@hitachi.com.xpi
[2012.07.06 02:45:15 | 000,013,447 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\1hu4p3j6.default-1341528991644\extensions\ipfuck@p4ul.info.xpi
[2012.09.13 21:46:50 | 000,275,902 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\1hu4p3j6.default-1341528991644\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.07.06 01:05:07 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\1hu4p3j6.default-1341528991644\extensions\personas@christopher.beard.xpi
[2012.08.06 00:09:22 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\1hu4p3j6.default-1341528991644\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2012.09.15 01:49:18 | 000,447,304 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\1hu4p3j6.default-1341528991644\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2012.07.24 23:24:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\1hu4p3j6.default-1341528991644\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.06 02:45:15 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\1hu4p3j6.default-1341528991644\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.07.06 00:52:09 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\xsgrabjx.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2012.07.06 00:51:48 | 000,743,290 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\xsgrabjx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.07 00:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.13 22:37:40 | 000,000,000 | ---D | M] (AusweisApp) -- C:\PROGRAM FILES (X86)\AUSWEISAPP\MOZILLA\ECARDCLIENTPIN_FFXX_WIN
[2012.09.07 00:42:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 21:02:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.09.19 22:38:42 | 000,001,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na2m-pr.licenses.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com
O1 - Hosts: 127.0.0.1 wip.adobe.com
O1 - Hosts: 127.0.0.1 wip1.adobe.com
O1 - Hosts: 127.0.0.1 wip2.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip4.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 10 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AusweisApp 1.9.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 File not found
O8:64bit: - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~3\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 File not found
O8:64bit: - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 File not found
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 File not found
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~3\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 File not found
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3517074A-1A94-4609-96B4-556358FDE084}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.15 15:24:30 | 000,000,078 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d7d664c0-0575-11e2-9194-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{d7d664c0-0575-11e2-9194-005056c00008}\Shell\AutoRun\command - "" = M:\Start.exe -- [2009.06.17 16:32:05 | 000,819,304 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.24 21:27:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.24 17:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.24 15:39:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Bereinigung
[2012.09.24 00:05:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\ipcc
[2012.09.24 00:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPodRobot
[2012.09.23 22:41:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.09.23 22:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.23 22:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 22:41:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.23 22:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.23 22:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.09.23 18:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sciface
[2012.09.22 01:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3
[2012.09.22 01:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Solveig Multimedia
[2012.09.22 01:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyperCam 3
[2012.09.22 01:02:13 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\SolveigMM Multimedia HyperCam 3.3.1110.26
[2012.09.20 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Vessel
[2012.09.19 22:34:45 | 000,000,000 | ---D | C] -- C:\Users\*****\.shsh
[2012.09.19 21:58:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.amazon.music.uploader
[2012.09.19 21:58:31 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Amazon Music Importer
[2012.09.19 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012.09.19 21:44:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\ProgSense
[2012.09.19 21:44:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\GrabPro
[2012.09.19 21:44:39 | 000,000,000 | ---D | C] -- C:\downloads
[2012.09.19 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Orbit
[2012.09.18 22:32:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.09.18 22:32:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Facebook
[2012.09.18 21:24:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Acronis
[2012.09.18 21:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.09.18 21:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.09.18 21:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012.09.18 21:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012.09.17 18:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012.09.17 18:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.09.17 18:01:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Akamai
[2012.09.17 18:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012.09.16 15:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda HD - Packet by SykeZ
[2012.09.16 15:27:10 | 914,827,661 | ---- | C] (Project 64                                                  ) -- C:\Users\*****\Desktop\Zelda HD.exe
[2012.09.13 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\*****\.ausweisapp
[2012.09.13 22:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusweisApp
[2012.09.13 22:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AusweisApp
[2012.09.13 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\jacksum
[2012.09.13 22:28:06 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\AusweisApp
[2012.09.12 22:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.12 22:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.12 22:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.12 22:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.12 22:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.11 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\2012_09_11
[2012.09.11 18:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.09.11 18:02:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\ManyCam
[2012.09.11 18:02:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ManyCam
[2012.09.11 18:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.09.11 18:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.09.11 18:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.09.11 15:19:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\test
[2012.09.10 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2012.09.08 02:13:38 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\OpenHardwareMonitor
[2012.09.08 01:11:50 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\2012_09_08
[2012.09.08 01:07:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.09.08 01:07:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Canon
[2012.09.08 01:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.09.08 01:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012.09.08 01:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2012.09.08 00:58:47 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.09.08 00:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan 9000F
[2012.09.08 00:58:42 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.09.08 00:56:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Treiber Scanner
[2012.09.07 23:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
[2012.09.07 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\patch
[2012.09.07 00:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.07 00:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.09.07 00:39:53 | 000,096,768 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.09.07 00:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.09.07 00:38:15 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Einkäufe
[2012.09.02 13:20:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.09.02 13:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.09.02 13:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.09.02 13:14:10 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Prime95
[2012.08.31 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.30 21:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase5
[2012.08.30 21:15:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
[2012.08.29 23:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.08.29 23:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.08.29 23:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.08.29 23:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.08.29 19:58:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\VMware
[2012.08.29 19:58:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\VMware
[2012.08.29 19:19:46 | 000,070,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2012.08.29 19:19:46 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2012.08.29 19:19:46 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2012.08.29 19:19:45 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012.08.29 19:19:45 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2012.08.29 19:19:24 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012.08.29 19:19:21 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012.08.29 19:19:15 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012.08.29 19:19:13 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012.08.29 19:19:12 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012.08.29 19:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.08.29 19:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012.08.29 19:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2012.08.29 19:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012.08.29 18:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.25 16:37:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000UA.job
[2012.09.25 16:17:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000UA.job
[2012.09.25 15:10:08 | 000,022,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 15:10:08 | 000,022,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 15:08:51 | 001,657,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.25 15:08:51 | 000,712,268 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.25 15:08:51 | 000,665,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.25 15:08:51 | 000,155,286 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.25 15:08:51 | 000,127,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.25 15:03:56 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.09.25 15:02:57 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2012.09.25 15:02:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.25 15:02:42 | 2064,121,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.24 22:37:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000Core.job
[2012.09.24 21:09:42 | 000,014,336 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.24 15:40:18 | 000,000,198 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2012.09.24 15:33:30 | 005,032,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.24 00:05:18 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
[2012.09.23 22:41:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.23 20:17:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000Core.job
[2012.09.23 14:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.09.23 14:10:10 | 000,235,362 | ---- | M] () -- C:\Users\*****\Desktop\TheHobbit_1920x1080_twitter-skin.jpg
[2012.09.23 14:08:48 | 000,044,785 | ---- | M] () -- C:\Users\*****\Desktop\TheHobbit_851x315_facebook-cover.jpg
[2012.09.23 00:37:36 | 042,523,460 | ---- | M] () -- C:\Users\*****\Desktop\YouPorn_20-_20Retro_20clips_20from_20the_2080_20s_20and_20th.flv
[2012.09.22 22:45:52 | 000,425,060 | ---- | M] () -- C:\Users\*****\Desktop\tumblr_m0dcmgNEvr1r6l05ro1_500_large.gif
[2012.09.22 12:10:43 | 000,001,522 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2012.09.22 01:02:42 | 000,001,047 | ---- | M] () -- C:\Users\*****\Desktop\HyperCam 3.lnk
[2012.09.19 22:38:42 | 000,001,835 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.19 22:38:42 | 000,001,834 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012.09.19 21:58:29 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk
[2012.09.19 21:41:46 | 054,057,937 | ---- | M] () -- C:\Users\*****\Desktop\873a990b-57d3-4e02-b107-2d091264ef07.mp4
[2012.09.19 21:38:08 | 050,204,414 | ---- | M] () -- C:\Users\*****\Desktop\The Hobbit - Official Trailer #2 [1080p HD].mp4
[2012.09.18 22:32:38 | 000,001,336 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.09.18 21:58:02 | 000,001,236 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AcronisAct.lnk
[2012.09.18 21:21:06 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\True Image 2013.lnk
[2012.09.17 18:16:47 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2012.09.15 15:53:23 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.15 15:53:23 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.15 15:53:14 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.09.15 01:25:38 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.09.13 22:41:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012.09.13 22:28:22 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.09.12 22:36:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.11 22:21:34 | 017,367,861 | ---- | M] () -- C:\Users\*****\Desktop\Vulkanausbruch St. Helens.flv
[2012.09.11 18:02:24 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.09.11 00:28:10 | 101,448,004 | ---- | M] () -- C:\Users\*****\Desktop\Harry Potter und der Penner von Alcatraz Outtakes 1-2.mp4
[2012.09.11 00:27:54 | 097,958,360 | ---- | M] () -- C:\Users\*****\Desktop\Harry Potter und der Penner von Alcatraz Outtakes 2-2.mp4
[2012.09.10 21:58:52 | 000,000,600 | ---- | M] () -- C:\Users\*****\AppData\Roaming\winscp.rnd
[2012.09.10 21:56:22 | 000,176,128 | ---- | M] () -- C:\Users\*****\Desktop\Classes.sqlite
[2012.09.08 21:11:25 | 004,042,243 | ---- | M] () -- C:\Users\*****\Desktop\Test.jpg
[2012.09.08 01:04:20 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2012.09.07 23:08:20 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.09.07 23:06:27 | 2041,324,353 | ---- | M] () -- C:\Users\*****\Desktop\CLI_CrysisWarheadTextureupdate.7z
[2012.09.07 22:53:40 | 2184,300,225 | ---- | M] () -- C:\Users\*****\Desktop\CLI_CrysisTextureupdate.7z
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 22:47:28 | 102,050,040 | ---- | M] () -- C:\Users\*****\Desktop\wdr_fernsehen_quarks_und_co_20100420.mp4
[2012.09.04 22:06:05 | 093,240,710 | ---- | M] () -- C:\Users\*****\Desktop\wdr_fernsehen_quarks_und_co_20100316.mp4
[2012.09.02 23:21:13 | 398,942,208 | ---- | M] () -- C:\Users\*****\Desktop\mobbing an der schule _ reflect_and_act.mpg
[2012.09.02 13:20:16 | 000,001,011 | ---- | M] () -- C:\Users\*****\Desktop\SpeedFan.lnk
[2012.08.31 13:59:49 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.08.31 13:59:48 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.08.30 23:49:26 | 000,001,017 | ---- | M] () -- C:\Users\*****\Desktop\Dropbox.lnk
[2012.08.30 23:49:26 | 000,000,997 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.30 21:15:32 | 000,000,921 | ---- | M] () -- C:\Users\*****\Desktop\HTML Editor.lnk
[2012.08.29 19:19:09 | 001,677,304 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.26 20:36:43 | 000,006,906 | ---- | M] () -- C:\Users\*****\Desktop\[Pascal]Stundenprotokoll 21 8 12 (2).odt
[2012.08.26 17:15:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.24 15:40:18 | 000,000,198 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2012.09.24 00:05:18 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
[2012.09.23 22:41:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.23 14:10:09 | 000,235,362 | ---- | C] () -- C:\Users\*****\Desktop\TheHobbit_1920x1080_twitter-skin.jpg
[2012.09.23 14:07:30 | 000,044,785 | ---- | C] () -- C:\Users\*****\Desktop\TheHobbit_851x315_facebook-cover.jpg
[2012.09.23 00:34:08 | 042,523,460 | ---- | C] () -- C:\Users\*****\Desktop\YouPorn_20-_20Retro_20clips_20from_20the_2080_20s_20and_20th.flv
[2012.09.22 22:45:52 | 000,425,060 | ---- | C] () -- C:\Users\*****\Desktop\tumblr_m0dcmgNEvr1r6l05ro1_500_large.gif
[2012.09.22 12:10:43 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2012.09.22 12:10:43 | 000,001,522 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2012.09.22 01:02:42 | 000,001,047 | ---- | C] () -- C:\Users\*****\Desktop\HyperCam 3.lnk
[2012.09.19 21:58:29 | 000,001,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk
[2012.09.19 21:58:29 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk
[2012.09.19 21:40:34 | 054,057,937 | ---- | C] () -- C:\Users\*****\Desktop\873a990b-57d3-4e02-b107-2d091264ef07.mp4
[2012.09.19 21:32:40 | 050,204,414 | ---- | C] () -- C:\Users\*****\Desktop\The Hobbit - Official Trailer #2 [1080p HD].mp4
[2012.09.18 22:32:38 | 000,001,336 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.09.18 22:32:23 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000UA.job
[2012.09.18 22:32:23 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000Core.job
[2012.09.18 21:21:06 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\True Image 2013.lnk
[2012.09.17 18:16:47 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2012.09.13 22:41:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012.09.12 22:36:05 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.11 22:19:22 | 017,367,861 | ---- | C] () -- C:\Users\*****\Desktop\Vulkanausbruch St. Helens.flv
[2012.09.11 18:02:24 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.09.11 00:27:04 | 097,958,360 | ---- | C] () -- C:\Users\*****\Desktop\Harry Potter und der Penner von Alcatraz Outtakes 2-2.mp4
[2012.09.11 00:26:55 | 101,448,004 | ---- | C] () -- C:\Users\*****\Desktop\Harry Potter und der Penner von Alcatraz Outtakes 1-2.mp4
[2012.09.10 21:56:22 | 000,176,128 | ---- | C] () -- C:\Users\*****\Desktop\Classes.sqlite
[2012.09.08 21:11:25 | 004,042,243 | ---- | C] () -- C:\Users\*****\Desktop\Test.jpg
[2012.09.08 01:04:20 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2012.09.08 00:58:45 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2012.09.08 00:58:45 | 000,786,504 | ---- | C] () -- C:\Windows\SysNative\CNQ9602N.DAT
[2012.09.08 00:58:45 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2012.09.08 00:58:45 | 000,296,064 | ---- | C] () -- C:\Windows\SysNative\CNQ9602W.DAT
[2012.09.08 00:58:45 | 000,019,712 | ---- | C] () -- C:\Windows\SysWow64\CNQ1908D.TBL
[2012.09.08 00:58:45 | 000,019,712 | ---- | C] () -- C:\Windows\SysNative\CNQ1908D.TBL
[2012.09.07 23:08:19 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.09.07 22:54:18 | 2041,324,353 | ---- | C] () -- C:\Users\*****\Desktop\CLI_CrysisWarheadTextureupdate.7z
[2012.09.07 22:40:38 | 2184,300,225 | ---- | C] () -- C:\Users\*****\Desktop\CLI_CrysisTextureupdate.7z
[2012.09.04 22:46:49 | 102,050,040 | ---- | C] () -- C:\Users\*****\Desktop\wdr_fernsehen_quarks_und_co_20100420.mp4
[2012.09.04 22:05:34 | 093,240,710 | ---- | C] () -- C:\Users\*****\Desktop\wdr_fernsehen_quarks_und_co_20100316.mp4
[2012.09.02 23:15:39 | 398,942,208 | ---- | C] () -- C:\Users\*****\Desktop\mobbing an der schule _ reflect_and_act.mpg
[2012.09.02 13:20:16 | 000,001,011 | ---- | C] () -- C:\Users\*****\Desktop\SpeedFan.lnk
[2012.09.02 13:20:05 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.08.30 22:15:20 | 000,006,906 | ---- | C] () -- C:\Users\*****\Desktop\[Pascal]Stundenprotokoll 21 8 12 (2).odt
[2012.08.30 21:15:32 | 000,000,921 | ---- | C] () -- C:\Users\*****\Desktop\HTML Editor.lnk
[2012.08.14 21:28:28 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.08.12 22:51:06 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Roaming\winscp.rnd
[2012.08.07 16:59:30 | 000,028,996 | ---- | C] () -- C:\Windows\Hashes.exe
[2012.08.03 15:16:46 | 000,000,093 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2012.07.26 22:46:44 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.07.26 22:46:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\hpcc3130.dll
[2012.07.26 00:51:44 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.07.08 01:01:51 | 000,014,336 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.07 01:33:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.07.06 19:50:37 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012.07.06 19:15:57 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.06 19:15:57 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.06 00:23:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.06 00:04:28 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.07.06 00:04:27 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.07.06 00:04:26 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.07.06 00:04:26 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.07.02 20:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.09 19:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.30 11:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.05.21 18:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012.03.08 00:16:33 | 001,677,304 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.12.07 23:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.01 23:48:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2012.09.18 21:24:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Acronis
[2012.08.25 11:21:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2012.07.08 14:36:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BTS
[2012.08.16 00:12:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\calibre
[2012.09.08 21:13:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon
[2012.07.07 01:44:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.19 21:58:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.amazon.music.uploader
[2012.08.26 17:17:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Pro
[2012.09.25 15:04:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox
[2012.08.26 14:06:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.09.19 21:44:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GrabPro
[2012.08.25 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2012.07.08 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LucasArts
[2012.09.11 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam
[2012.07.06 01:48:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\NewsLeecher
[2012.07.06 01:49:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++
[2012.09.24 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Orbit
[2012.08.09 23:32:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2012.09.19 21:44:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProgSense
[2012.07.07 22:04:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RotMG.Production
[2012.07.06 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Shark007
[2012.09.10 21:53:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2012.07.23 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Teeworlds
[2012.07.29 23:58:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft
[2012.09.20 20:30:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Vessel
[2012.07.06 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions >
"web2pdfextension@web2pdf.adobedotcom" = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn -- [2012.08.17 19:29:53 | 000,000,000 | ---D | M]
"{4F3D26C8-9907-48ff-BC74-B8C572D317BF}" = C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win -- [2012.09.13 22:37:40 | 000,000,000 | ---D | M]
"{4F0963A3-1658-4fde-9585-23A25CC288BF}" = C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win -- [2012.09.13 22:37:40 | 000,000,000 | ---D | M]
 
< HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions /64 >
"{336D0C35-8A85-403a-B9D2-65C292C39087}" = C:\Program Files\Web Assistant\Firefox
 
<          >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.06 00:00:59 | 000,000,828 | ---- | C] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.07.06 00:00:59 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.07.06 14:02:20 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000Core.job
[2012.07.06 14:02:20 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000UA.job
[2012.09.18 22:32:23 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000Core.job
[2012.09.18 22:32:23 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000UA.job

< End of report >
Es wurde keine neue Extras.Txt erstellt.

Firefox macht wie gehabt beim Öffnen eines neuen Tabs Probleme, Google Chrome jetzt nicht mehr, hat ja eine neue Einstellungsdatei erstellt (was ich beim Firefox vermeiden möchte)

Gruß

timecop069

M-K-D-B 26.09.2012 13:26
Servus,


  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
    Vista-User mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    :regfind
    {336D0C35-8A85-403a-B9D2-65C292C39087}
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Zitat:
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na2m-pr.licenses.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com
O1 - Hosts: 127.0.0.1 wip.adobe.com
O1 - Hosts: 127.0.0.1 wip1.adobe.com
O1 - Hosts: 127.0.0.1 wip2.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip4.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 10 more lines...
Mit Hilfe dieser Einträge kann dein Computer Seiten von Adobe nicht erreichen. Es gibt keinen vernüftigen Grund, diese Seiten zu blockieren.
Diese Einträge in der Hosts Datei deuten auf illegale Software hin.

Erschwerend kommt hinzu, dass es so aussieht, als od du diese Einträge im ersten OTL scan vor mir verheimlichen wolltest:
Zitat:
O1 HOSTS File: ([2012.09.19 22:38:42 | 000,001,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
h
Was kannst/möchtest du mir dazu sagen?

timecop069 26.09.2012 19:10
Hallo,



Hier die Ausgabe von SystemLook:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 20:05 on 26/09/2012 by Felix
Administrator - Elevation successful

========== regfind ==========

Searching for "{336D0C35-8A85-403a-B9D2-65C292C39087}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\Web Assistant\Firefox"
[HKEY_USERS\S-1-5-21-2944338609-1795458362-2074219990-1000\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]

Searching for "        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{165C5937-67DB-4062-A918-6A49E201C5A3}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{068D40C4-7809-4c67-8FEA-DA457CF990B4}"/>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E26}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7A1281CD-D15B-4286-8EF1-78C136B59418}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{B3F8E60B-DF77-4104-88AC-F5919C64649A}"/>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
                <Descriptor descriptorID="{6AB00271-515B-4a4d-8A6E-9E66BF96A437}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{EEC292F8-B506-403e-81A5-E4E6A68E21B0}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
                <Descriptor descriptorID="{6AB00271-515B-4a4d-8A6E-9E66BF96A437}"/>
            </Rating>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{86F8EA9A-59A3-49F6-A141-DFC239D0CFE5}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
                <Descriptor descriptorID="{22F2530E-A42D-4351-A7F1-0242CFEFF822}"/>
                <Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{79F6B936-0C8F-4d67-90A6-B7B2E0F37973}"/>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{72C4EED7-DC34-4308-BC61-4819752AC408}"/>
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" rati
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ST&PROD_8GB&REV_0000#AA6270949J4000000602&0#]
"DeviceDesc"="8GB            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ST&PROD_8GB&REV_0000#AA6270949J4000000602&0#]
"DeviceDesc"="8GB            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ST&PROD_8GB&REV_0000#AA6270949J4000000602&0#]
"DeviceDesc"="8GB            "

-= EOF =-

Zu deinen Fragen:

Über die Adobe Programme (in diesem Fall die Suite für Design) habe ich keinen Einfluss, sie werden von der Firma bereitgestellt und installiert.

Zu den "hosts 127....." Einträgen kann ich nichts sagen, kenne die nicht? Wo ist das eingetragen?

Ich habe in den letzten Tagen nichts installiert oder geändert, außer als ich versucht habe mit "SpyBot" etwas aufzutreiben (Vollscan und Immunisierung hieß das).


Gruß

timecop069

M-K-D-B 26.09.2012 19:34
Servus,


ich habe bei dir noch mal etwas von Incredibar unter Firefox gefunden.
So gehts weiter:



Schritt 1
Code:
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=-
[-HKEY_USERS\S-1-5-21-2944338609-1795458362-2074219990-1000\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]

:Commands
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S3].txt.





Schritt 3
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des OTL-Fix,
  • die Logdatei von AdwCleaner,
  • die Logdatei von ComboFix.

timecop069 26.09.2012 20:09
Hallo,

hier die Logs

OTL

Code:
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_USERS\S-1-5-21-2944338609-1795458362-2074219990-1000\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: *****
->Temp folder emptied: 321305967 bytes
->Temporary Internet Files folder emptied: 2750707 bytes
->Java cache emptied: 17370447 bytes
->FireFox cache emptied: 824321188 bytes
->Google Chrome cache emptied: 7011597 bytes
->Flash cache emptied: 2348 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2887846 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.121,00 mb
 
 
OTL by OldTimer - Version 3.2.66.2 log created on 09262012_204731

Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3664.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
ADWCleaner

Code:
# AdwCleaner v2.003 - Datei am 09/26/2012 um 20:52:59 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\Bereinigung\AdwCleaner\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xsgrabjx.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default-1341528970770
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\55jifxda.default-1341528970770\prefs.js

[OK] Die Datei ist sauber.

Profilname : default-1341528991644 [Profil par défaut]
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQKxUfOSu&loc=FF_NT");

-\\ Google Chrome v22.0.1229.79

Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.30] : icon_url = "hxxp://mystart.incredibar.com/mb178/favicon.ico",
Gelöscht [l.33] : keyword = "mystart.incredibar.com/mb178",
Gelöscht [l.36] : search_url = "hxxp://mystart.incredibar.com/mb178/?loc=IB_DS&search={searchTerms}&a=6PQKxUfOSu&i=26",

*************************

AdwCleaner[R1].txt - [7402 octets] - [24/09/2012 20:21:33]
AdwCleaner[S1].txt - [8070 octets] - [24/09/2012 20:39:44]
AdwCleaner[S2].txt - [1609 octets] - [24/09/2012 22:37:14]
AdwCleaner[S3].txt - [1775 octets] - [26/09/2012 20:52:59]

########## EOF - C:\AdwCleaner[S3].txt - [1835 octets] ##########
Combofix

Code:
ComboFix 12-09-26.02 - ***** 26.09.2012  20:58:15.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8086.6016 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\Bereinigung\Combofix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
G:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-26 bis 2012-09-26  ))))))))))))))))))))))))))))))
.
.
2012-09-26 19:02 . 2012-09-26 19:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-26 18:53 . 2012-09-26 18:53        94656        ----a-w-        c:\windows\system32\WPRO_41_2001woem.tmp
2012-09-26 18:18 . 2012-09-26 18:18        --------        d-----w-        c:\users\*****\AppData\Local\SCE
2012-09-26 18:18 . 2012-09-26 18:18        --------        d-----w-        C:\Crash
2012-09-25 20:20 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75B2DD1E-F23F-412B-875E-880922A465DB}\mpengine.dll
2012-09-25 15:13 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-24 19:27 . 2012-09-24 19:27        --------        d-----w-        C:\_OTL
2012-09-23 20:41 . 2012-09-23 20:41        --------        d-----w-        c:\users\*****\AppData\Roaming\Malwarebytes
2012-09-23 20:41 . 2012-09-23 20:41        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-23 20:41 . 2012-09-23 20:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-23 20:41 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-23 20:33 . 2012-09-23 20:33        --------        d-----w-        c:\program files (x86)\Perion
2012-09-23 16:23 . 2012-09-23 16:23        --------        d-----w-        c:\program files (x86)\Common Files\Sciface
2012-09-21 23:02 . 2012-09-21 23:02        --------        d-----w-        c:\program files (x86)\Common Files\Solveig Multimedia
2012-09-21 23:02 . 2012-09-21 23:03        --------        d-----w-        c:\program files (x86)\HyperCam 3
2012-09-20 18:25 . 2012-09-20 18:30        --------        d-----w-        c:\users\*****\AppData\Roaming\Vessel
2012-09-19 20:34 . 2012-09-19 20:36        --------        d-----w-        c:\users\*****\.shsh
2012-09-19 19:58 . 2012-09-19 19:58        --------        d-----w-        c:\users\*****\AppData\Roaming\com.amazon.music.uploader
2012-09-19 19:58 . 2012-09-19 19:58        --------        d-----w-        c:\program files (x86)\Amazon
2012-09-19 19:44 . 2012-09-19 19:44        --------        d-----w-        c:\users\*****\AppData\Roaming\ProgSense
2012-09-19 19:44 . 2012-09-19 19:46        --------        d-----w-        C:\downloads
2012-09-19 19:44 . 2012-09-19 19:44        --------        d-----w-        c:\users\*****\AppData\Roaming\GrabPro
2012-09-19 19:43 . 2012-09-24 13:42        --------        d-----w-        c:\users\*****\AppData\Roaming\Orbit
2012-09-18 20:32 . 2012-09-18 20:32        --------        d-----w-        c:\users\*****\AppData\Local\Facebook
2012-09-18 19:21 . 2012-09-18 19:21        367200        ----a-w-        c:\windows\system32\drivers\afcdp.sys
2012-09-18 19:21 . 2012-09-18 19:21        1340040        ----a-w-        c:\windows\system32\drivers\tdrpman.sys
2012-09-18 19:21 . 2012-09-18 19:21        228488        ----a-w-        c:\windows\system32\drivers\vididr.sys
2012-09-18 19:21 . 2012-09-18 19:21        1093256        ----a-w-        c:\windows\system32\drivers\tib_mounter.sys
2012-09-18 19:21 . 2012-09-18 19:21        166024        ----a-w-        c:\windows\system32\drivers\vidsflt.sys
2012-09-18 19:21 . 2012-09-18 19:21        340104        ----a-w-        c:\windows\system32\drivers\snapman.sys
2012-09-18 19:21 . 2012-09-18 19:21        155272        ----a-w-        c:\windows\system32\drivers\fltsrv.sys
2012-09-18 19:20 . 2012-09-18 19:21        --------        d-----w-        c:\program files (x86)\Common Files\Acronis
2012-09-18 19:20 . 2012-09-18 19:20        --------        d-----w-        c:\program files (x86)\Acronis
2012-09-17 16:06 . 2012-09-17 16:15        --------        d-----w-        c:\program files (x86)\Common Files\InstallShield
2012-09-17 16:01 . 2012-09-17 16:03        --------        d-----w-        c:\users\*****\AppData\Local\Akamai
2012-09-17 16:01 . 2012-09-26 18:56        --------        d-----w-        c:\program files (x86)\Common Files\Akamai
2012-09-13 20:38 . 2012-09-15 12:04        --------        d-----w-        c:\users\*****\.ausweisapp
2012-09-13 20:37 . 2012-09-13 20:38        --------        d-----w-        c:\program files (x86)\AusweisApp
2012-09-12 20:36 . 2012-08-21 11:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-12 20:35 . 2012-09-12 20:36        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-12 20:35 . 2012-09-12 20:36        --------        d-----w-        c:\program files\iTunes
2012-09-12 20:35 . 2012-09-12 20:36        --------        d-----w-        c:\program files (x86)\iTunes
2012-09-12 20:35 . 2012-09-12 20:35        --------        d-----w-        c:\program files\iPod
2012-09-12 13:43 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:43 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-12 13:43 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 13:43 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:43 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-12 13:43 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:43 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 16:02 . 2012-09-11 16:02        --------        d-----w-        c:\users\*****\AppData\Roaming\ManyCam
2012-09-11 16:02 . 2012-09-11 16:02        --------        d-----w-        c:\users\*****\AppData\Local\ManyCam
2012-09-11 16:02 . 2012-09-11 16:02        --------        d-----w-        c:\programdata\ManyCam
2012-09-11 16:01 . 2012-09-11 16:02        --------        d-----w-        c:\program files (x86)\ManyCam
2012-09-10 19:52 . 2012-09-10 19:53        --------        d-----w-        c:\users\*****\AppData\Roaming\TeamViewer
2012-09-08 00:13 . 2012-09-08 00:13        --------        d-----w-        c:\windows\system32\wbem\Framework
2012-09-07 23:07 . 2012-09-07 23:07        --------        d--h--w-        c:\programdata\CanonIJScan
2012-09-07 23:07 . 2012-09-08 19:13        --------        d-----w-        c:\users\*****\AppData\Roaming\Canon
2012-09-07 23:04 . 2012-09-07 23:04        --------        d-----w-        c:\program files (x86)\Canon
2012-09-07 23:04 . 2012-09-07 23:04        --------        d-----w-        c:\program files\Common Files\CANON
2012-09-07 22:58 . 2012-09-07 22:58        --------        d--h--w-        c:\windows\system32\CanonIJ Uninstaller Information
2012-09-07 22:58 . 2009-12-21 11:00        346624        ----a-w-        c:\windows\system32\CNQ9602L.dll
2012-09-07 22:58 . 2009-12-21 10:58        307200        ----a-w-        c:\windows\SysWow64\CNQ9602L.dll
2012-09-07 22:58 . 2009-10-05 16:10        1324544        ----a-w-        c:\windows\system32\CNQ9602C.dll
2012-09-07 22:58 . 2009-10-05 16:09        109568        ----a-w-        c:\windows\system32\CNQ9602I.dll
2012-09-07 22:58 . 2009-10-05 16:05        102400        ----a-w-        c:\windows\SysWow64\CNQ9602U.dll
2012-09-07 22:58 . 2008-08-25 16:02        17920        ----a-w-        c:\windows\system32\CNHMCA6.dll
2012-09-07 22:58 . 2008-08-25 16:02        15872        ----a-w-        c:\windows\SysWow64\CNHMCA.dll
2012-09-07 22:58 . 2012-09-07 22:58        --------        d--h--w-        c:\program files\CanonBJ
2012-09-07 22:58 . 2010-06-03 13:12        103424        ----a-w-        c:\windows\system32\CNQ9602O.dll
2012-09-07 22:58 . 2009-09-10 07:00        245760        ----a-w-        c:\windows\system32\CNQ9602Y.dll
2012-09-07 21:08 . 2012-09-07 21:08        669184        ----a-w-        c:\windows\SysWow64\pbsvc.exe
2012-09-06 22:39 . 2012-07-29 11:59        96768        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-09-06 22:39 . 2012-05-05 09:54        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2012-09-06 22:39 . 2012-05-05 09:54        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2012-09-06 22:39 . 2012-05-05 09:54        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2012-09-06 22:39 . 2012-05-05 09:54        1071088        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2012-09-06 22:39 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2012-09-06 22:39 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2012-09-06 22:39 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2012-09-06 22:39 . 2012-09-06 22:40        --------        d-----w-        c:\program files (x86)\PDFCreator
2012-09-02 11:20 . 2012-09-13 20:28        --------        d-----w-        c:\program files (x86)\SpeedFan
2012-08-31 20:15 . 2009-07-14 01:39        1402880        ----a-w-        c:\windows\system32\utilman.exe.orig
2012-08-31 19:45 . 2012-08-31 19:45        2295408        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 19:44 . 2012-08-31 19:44        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-31 11:42 . 2012-08-31 11:42        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-08-31 11:42 . 2012-08-31 11:42        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 11:41 . 2012-08-31 11:41        289768        ----a-w-        c:\windows\system32\javaws.exe
2012-08-31 11:41 . 2012-08-31 11:41        189416        ----a-w-        c:\windows\system32\javaw.exe
2012-08-31 11:41 . 2012-08-31 11:41        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-31 11:41 . 2012-08-31 11:41        188904        ----a-w-        c:\windows\system32\java.exe
2012-08-30 19:15 . 2012-09-23 21:07        --------        d-----w-        c:\program files (x86)\phase5
2012-08-29 21:13 . 2012-08-29 21:14        --------        d-----w-        c:\program files (x86)\Common Files\Nero
2012-08-29 21:13 . 2012-08-29 21:18        --------        d-----w-        c:\programdata\Nero
2012-08-29 21:09 . 2011-12-01 09:42        15920        ----a-w-        c:\windows\system32\drivers\NBVolUp.sys
2012-08-29 21:09 . 2012-08-29 21:17        --------        d-----w-        c:\program files (x86)\Nero
2012-08-29 21:09 . 2011-12-01 09:42        72240        ----a-w-        c:\windows\system32\drivers\NBVol.sys
2012-08-29 17:58 . 2012-08-31 15:27        --------        d-----w-        c:\users\*****\AppData\Local\VMware
2012-08-29 17:58 . 2012-08-31 15:17        --------        d-----w-        c:\users\*****\AppData\Roaming\VMware
2012-08-29 16:32 . 2012-08-29 16:32        --------        d-----w-        c:\program files\HashTab Shell Extension
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 18:53 . 2012-07-05 22:03        34752        ----a-w-        c:\windows\system32\drivers\WPRO_41_2001.sys
2012-09-20 19:40 . 2012-08-08 16:57        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-20 19:40 . 2012-08-08 16:57        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-19 19:31 . 2012-07-05 23:27        73136        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-19 19:31 . 2012-07-05 23:27        696240        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-15 13:53 . 2012-07-06 17:19        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-09-15 13:53 . 2012-07-06 17:15        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-09-15 13:53 . 2012-07-06 17:15        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-09-12 17:52 . 2012-07-05 21:42        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-08-31 11:59 . 2012-08-26 14:07        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2012-08-31 11:59 . 2012-08-26 14:07        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2012-08-31 11:59 . 2012-08-26 14:07        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2012-08-31 11:59 . 2012-08-26 14:07        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2012-08-31 11:42 . 2012-07-06 00:07        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-08-31 11:42 . 2012-07-06 00:07        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-31 11:41 . 2012-07-06 00:05        916456        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-31 11:41 . 2012-07-06 00:05        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-21 11:01 . 2012-07-05 23:02        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-07-05 23:02        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-08-18 20:46 . 2012-08-18 20:46        146528        ----a-w-        c:\windows\system32\drivers\vsflt67.sys
2012-08-15 13:16 . 2012-08-15 13:16        62104        ----a-w-        c:\windows\system32\vmnetbridge.dll
2012-08-15 13:16 . 2012-08-15 13:16        48792        ----a-w-        c:\windows\system32\vnetinst.dll
2012-08-15 13:16 . 2012-08-15 13:16        45720        ----a-w-        c:\windows\system32\drivers\vmnetbridge.sys
2012-08-15 13:16 . 2012-08-15 13:16        24216        ----a-w-        c:\windows\system32\drivers\vmnet.sys
2012-08-15 13:16 . 2012-08-15 13:16        20120        ----a-w-        c:\windows\system32\drivers\vmnetadapter.sys
2012-08-15 11:33 . 2012-08-15 11:33        353280        ----a-w-        c:\windows\SysWow64\vmnc.dll
2012-08-08 16:56 . 2012-08-08 16:56        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-07 14:59 . 2012-08-07 14:59        28996        ----a-w-        c:\windows\Hashes.exe
2012-07-28 04:09 . 2012-07-28 04:09        5538984        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07        10278912        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43        70144        ----a-w-        c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19        24935424        ----a-w-        c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50        20546560        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15        163840        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15        931328        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-06-11 17:23        1100288        ----a-w-        c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-06-11 17:20        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10        534528        ----a-w-        c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09        239616        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07        6430208        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2012-06-11 17:01        7052288        ----a-w-        c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-06-11 16:51        4266496        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34        16034304        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32        4751872        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30        13605888        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-06-11 16:36        6676480        ----a-w-        c:\windows\system32\atiumd64.dll
2012-07-28 01:22 . 2012-07-28 01:22        77312        ----a-w-        c:\windows\system32\amdave64.dll
2012-07-28 01:22 . 2012-07-28 01:22        77312        ----a-w-        c:\windows\SysWow64\amdave32.dll
2012-07-28 01:22 . 2012-07-28 01:22        74240        ----a-w-        c:\windows\system32\atisamu64.dll
2012-07-28 01:22 . 2012-07-28 01:22        71168        ----a-w-        c:\windows\atisamu32.dll
2012-07-28 01:15 . 2012-06-11 16:27        540160        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15        368640        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15        17920        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15        14848        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15        41984        ----a-w-        c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14        368640        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2012-06-11 16:25        129536        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13        109568        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-06-11 16:25        103936        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-06-11 16:24        83456        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:09 . 2012-07-28 01:09        57792        ----a-w-        c:\windows\SysWow64\sirenacm.dll
2012-07-28 01:08 . 2012-07-28 01:08        56320        ----a-w-        c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08        56320        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08        56832        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08        56832        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-07-28 00:54 . 2012-07-28 00:54        321472        ----a-w-        c:\windows\WLXPGSS.SCR
2012-07-26 17:08 . 2012-07-26 17:08        862664        ----a-w-        c:\windows\SysWow64\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08        534480        ----a-w-        c:\windows\SysWow64\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08        251864        ----a-w-        c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08        153536        ----a-w-        c:\windows\SysWow64\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08        115656        ----a-w-        c:\windows\SysWow64\vcomp110.dll
2012-07-26 13:22 . 2012-07-26 13:22        828872        ----a-w-        c:\windows\system32\msvcr110.dll
2012-07-26 13:22 . 2012-07-26 13:22        661448        ----a-w-        c:\windows\system32\msvcp110.dll
2012-07-26 13:22 . 2012-07-26 13:22        354264        ----a-w-        c:\windows\system32\vccorlib110.dll
2012-07-26 13:22 . 2012-07-26 13:22        177096        ----a-w-        c:\windows\system32\atl110.dll
2012-07-26 13:22 . 2012-07-26 13:22        124360        ----a-w-        c:\windows\system32\vcomp110.dll
2012-07-25 22:51 . 2012-07-25 22:51        42440        ----a-w-        c:\windows\SysWow64\xfcodec.dll
2012-07-25 22:51 . 2012-07-25 22:51        28104        ----a-w-        c:\windows\system32\xfcodec64.dll
2012-07-18 18:15 . 2012-08-15 16:17        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-17 13:14 . 2012-07-17 13:14        253184        ----a-w-        c:\windows\system32\LIVESSP.DLL
2012-07-17 12:49 . 2012-07-17 12:49        209648        ----a-w-        c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 12:37 . 2012-07-17 12:37        19736        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-09 11:42 . 2012-07-09 11:42        4547984        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-07-09 11:42 . 2012-07-09 11:42        52736        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2012-07-06 17:24 . 2012-07-06 17:15        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-07-06 16:30 . 2012-07-06 16:30        560184        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-07-06 10:29 . 2012-07-06 10:29        85104        ----a-w-        c:\windows\system32\drivers\vmci.sys
2012-07-05 21:39 . 2012-07-05 21:39        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-05 21:39 . 2012-07-05 21:39        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2012-08-10 09:59        3100288        ----a-w-        c:\program files (x86)\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
"Akamai NetSession Interface"="c:\users\*****\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Facebook Update"="c:\users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-18 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
"WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6049096]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943856]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AcronisAct.lnk - c:\windows\regedit.exe [2009-7-14 427008]
Dropbox.lnk - c:\users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
Facebook Messenger.lnk - c:\users\*****\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [2012-9-5 247728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-22 276248]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2012-09-13 18360]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-19 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-09-18 155272]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2012-09-18 1093256]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-18 228488]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2012-09-18 166024]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-08-18 146528]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-18 3729400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-18 7027752]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-18 367200]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-09-26 34752]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000Core.job
- c:\users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-18 20:32]
.
2012-09-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000UA.job
- c:\users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-18 20:32]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 12:02]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944338609-1795458362-2074219990-1000UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 12:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 01:51        2741024        ----a-w-        c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 01:51        2741024        ----a-w-        c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 01:51        2741024        ----a-w-        c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-22 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-22 439064]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - d:\progra~3\MICROS~1\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xcel exportieren - d:\progra~3\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1hu4p3j6.default-1341528991644\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Orbit_is1 - c:\program files (x86)\Orbitdownloader\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2944338609-1795458362-2074219990-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,ca,3f,62,d4,58,a4,57,7b,f2,4e,67,c7,3a,9f,c0,7e,47,26,da,70,
  42,42,09,10,30,6a,28,b6,c5,7c,49,72,98,80,3e,ad,16,6b,a2,e0,31,29,51,0e,ac,\
"rkeysecu"=hex:21,82,55,26,46,e0,10,b4,9f,07,41,6b,d7,87,89,7c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-26  21:05:44
ComboFix-quarantined-files.txt  2012-09-26 19:05
.
Vor Suchlauf: 12 Verzeichnis(se), 36.332.421.120 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 35.970.560.000 Bytes frei
.
- - End Of File - - 7F77CC92DF5D4ACC949F53E56859E09D


Soll ich wieder versuchen, die NewTab Einstellungen abzuändern?

Gruß

timecop069


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:32 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131